Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Quick question!

If I visit a web site using HTTPS (SSL) while running Tor/Privoxy will
the host site see my true IP or the Tor exit node IP.


PS If this is the wrong group do please direct me to the correct group.

Re: HTTPS over TOR

Hash: RIPEMD160

Mr User wrote:

Quoted text here. Click to load it

The Tor exit node IP. The SSL connection is basically "tunneled" through
Tor just like any other connection.

An off the wall comment though, I believe that during an SSL handshake the
client (you) suggests connection parameters like SSL version and key
exchange, and the server accepts or rejects those suggestions. This
*might* mean that you could be partitioned by version number or uniquely
identified by an individually crafted SSL certificate if you're not
careful. Careful, as in paying attention to any warnings about funny
certificates and such.

But these little niggles aside you're as secure as you can be. A bit more
secured than just using plain vanilla HTTP because the Tor exit node can't
see any content. They know where you're going, not what you're doing.

Quoted text here. Click to load it

This sort of discussion takes place quite a bit in alt.privacy and
alt.privacy.anon-server, but there's no reason it can't be discussed here.
In the future you might want to pose your questions there also.


Re: HTTPS over TOR

Sheik Yurbhuti wrote:
Quoted text here. Click to load it

Many thanks.
I was just curious when using Torrified connections with Hushmail. I
will indeed subscribe to alt.privacy.anon-server but find alt.privacy
more a news resource.

Re: HTTPS over TOR

As Sheik Yurbhuti already mentioned, you should pay attention to the
certificates: the Tor exit node is in the favorable position to perform
a MITM attack against SSL.

You might want to configure Tor to avoid to exit in certain places.

Site Timeline