[tor-talk] MITM attack on TLS

Ivan Markin twim at riseup.net
Fri Nov 20 22:53:27 UTC 2015


Justin:
> Also, I have no option but to keep the cert because if I don’t the
> filter may use DPI to block TLS for me.

Funny! I mean that you're already have no TLS, because actual TLS is
terminated at your ITDep. You should remove these CAs - you have nothing
to lose!
When TLS is blocked (looks too problematically when it comes to the
reasons of this censorship, but possible) try another Pluggable Transport.

-- 
Ivan Markin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20151120/86a57285/attachment.sig>


More information about the tor-talk mailing list