Roger Dingledine <arma <at> mit.edu> writes:
> > On Mon, Apr 18, 2016 at 06:39:33AM -0700, Ryan Carboni wrote: > > > > > > 2. https://www.torproject.org/docs/faq.html.en#SSLcertfingerprint > > I think the fingerprint is outdated. > > We indeed just got new ssl certs. Probably the fix there is to just > remove that FAQ entry. > I can see the new SSL certificate for *.torproject.org, issued 2016-04-15. I'd prefer the FAQ entry to be updated rather than removed. It gives me a little confidence in the site, though presumably anyone who was MITM-ing the SSL connection would also changes the fingerprint on the FAQ! The blog.torproject.org certificate is still in date until 2017-06-14 but my certificate viewer shows this is issued by DigiCert not RapidSSL as stated on the FAQ. Also the FAQ quotes SHA1 and MD5 fingerprints for the certificate, both of these are broken (but hopefully not for the same cert!) I'm not too wrorried but can someone post the correct info to the FAQ? A SHA-256 fingerprint would also be good. Thanks -- lukep -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
