[tor-talk] Whonix 14 has been Released

2018-08-07 Thread Patrick Schleizer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 After more than two years of development, the Whonix Project is proud to announce the release of Whonix 14. Whonix 14 is based on the Debian stretch (Debian 9) distribution which was released in June 2017. This means users have access to many new so

[tor-talk] is Torbrowser more affected by webservers failing to send their complete certificate chain?

2018-08-07 Thread nusenu
Hi, I assume that Torbrowser users are more affected by webservers that do not send their complete certificate chain (incl. interm. CAs) due to the fact that torbrowser stores/caches less data (including certs?) persistently. an example of a page that results in an TLS error page in Torbrowser

Re: [tor-talk] is Torbrowser more affected by webservers failing to send their complete certificate chain?

2018-08-07 Thread Nathaniel Suchy
Could you list some example websites that have this problem? On Tue, Aug 7, 2018 at 8:08 AM nusenu wrote: > Hi, > > I assume that Torbrowser users are more affected by webservers > that do not send their complete certificate chain (incl. interm. CAs) > due to the fact that torbrowser stores/cache

Re: [tor-talk] is Torbrowser more affected by webservers failing to send their complete certificate chain?

2018-08-07 Thread john doe
Bottom-posting. On 8/7/2018 3:50 PM, Nathaniel Suchy wrote: Could you list some example websites that have this problem? On Tue, Aug 7, 2018 at 8:08 AM nusenu wrote: Hi, I assume that Torbrowser users are more affected by webservers that do not send their complete certificate chain (incl. in

Re: [tor-talk] is Torbrowser more affected by webservers failing to send their complete certificate chain?

2018-08-07 Thread grarpamp
> torbrowser stores/caches less data (including certs?) persistently. > TLS error page in Torbrowser due to incomplete cert. chain: > https://irtf.org/ > > https://www.ssllabs.com/ssltest/analyze.html?d=irtf.org&s=2001%3a1900%3a3001%3a11%3a0%3a0%3a0%3a2c&hideResults=on&latest > With the growing n

Re: [tor-talk] is Torbrowser more affected by webservers failing to send their complete certificate chain?

2018-08-07 Thread nusenu
grarpamp: >> With the growing number of sites deploying HSTS, the impact is even bigger. > > While https adoption is related to impact, hsts isn't since it only applies > once https is visited did you notice the non-HSTS/HSTS distinction when trying to add an exception? >> Should Torbrowser sh

[tor-talk] Tor 0.3.4.6-rc is released

2018-08-07 Thread Nick Mathewson
Hi, all! There's a new Tor release candidate! Because it's not a stable release yet, you should only run it if you're ready to find bugs and report them on trac.torproject.org. The source code is available from the usual place on https://www.torproject.org/download/download.html; if you build To

Re: [tor-talk] is Torbrowser more affected by webservers failing to send their complete certificate chain?

2018-08-07 Thread grarpamp
> did you notice the non-HSTS/HSTS distinction when trying to add an exception? If there is, would have to look closer, thx. Though a bit moot unless recompilation is needed to add. >>> Should Torbrowser ship a few common interm. CAs by default? >> >> No. Because when LE gets compromised, then yo