Jump to: navigation, search

SSL

SSL[edit]

User Documentation[edit]

SSL in Wikipedia [1]

The public SSL certificate authority system is not to be trusted. Too many security breaches happened before. [2]

See also Man-in-the-middle attacks.

Whonix Technical Design[edit]

SSL certificates, especially for https://check.torproject.org (check.tpo) are not yet pinned in Whonix. Eventually that will be done in future. That needs some more discussion. How that technically could be done is documented under Dev/SSL Certificate Pinning. This has low priority for Whonix, since not even the Tor Browser Bundle does pin the check.tpo SSL certificate, which is a much bigger issue. Whonix developer adrelanos does not agree with "low priority" in TBB. See TBB: hardcode SSL cert check to prevent MITM.

Footnotes[edit]

  1. https://en.wikipedia.org/wiki/Transport_Layer_Security
  2. See DigiNotar, Comodo and Turktrust.

Random News:

Do you wonder why Whonix will always be free? Check out Why Whonix is Free Software.


Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, the content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.