HTTPS via Tor - how establish TLS

Hello everyone!
I’m new here, so if my question isn’t in this thread, please let me know where to post it.
I’m wondering what it looks like to connect to a website that uses HTTPS via the TOR network and is it safe?
Assuming that the connection is initiated by the client (TOR browser), then the CLIENT HELLO message, which initiates the TLS connection, is encrypted with public server’s keys, but the Exit Node will see this message by decrypting the last layer. He will also see the SERVER HELLO response, which gives him the opportunity to decrypt HTTPS communication. In my opinion, this is not safe and there will be a risk of data manipulation. Please let me know what it looks like technically, because I couldn’t find it in the TOR documentation.


I’m not a security expert but it should not be a vulnerability, I don’t think we need to “mix” TOR network and TLS connection for website in HTTPS on the clear internet.

For a standard website, the TLS handshake will be done between your client, so Tor browser, and the server who host the website, and at this time all packets will come from the exit node from the Tor circuit used by your browser.


  • Of course, the exit node will not know from where the packet comes (your browser).
  • The server will not know from where the TLS connection come from, it will see only the Tor exit node.
  • When TLS handshake is done, all packets from your brower will be encrypted with the server public key so at this time, encrypted until the server.
  • At this time, Tor network will be used “only” to avoid that the server knows your real IP and will not interfer on the TLS connection.

Not sure I’m 100% right but it should be something like that

How exactly will the exit node be able to decrypt the TLS traffic? Server hello does not contain enough data to decrypt the TLS traffic, with RSA the client random and pre master secret are encrypted and with DH and EC the secret isn’t transmitted at all.

By your logic, your ISP, anyone on your network, or anyone with a nic in monitor mode would be able to decrypt your TLS traffic. Which isn’t the case.

Exit node will not have access the symmetric keys used to encrypt the application data. They are either encrypted with a public key or not transmitted at all.

1 Like

SERVER HELLO is not enough, but CLIENT HELLO and SERVER HELLO are sufficient to decrypt HTTPS traffic. So my question is whether if EXIT NODE sees CLIENT HELLO and in response SERVER HELLO can decrypt the traffic.

“SERVER HELLO is not enough, but CLIENT HELLO and SERVER HELLO are sufficient to decrypt HTTPS traffic.”

Not true, because if this was the case, all TLS traffic could be decrypted by network sniffing, as SERVER HELLO and CLIENT HELLO are plaintext. With RSA, the server and client random are combined with the premaster secret to create the session key, the premaster secret is encrypted when transmitted, with perfect forward secrecy, only the public keys are shared.

Are you sure? :wink:
Look on that:

I’ve tried - it’s work!

Yes, I am sure.

It’s capturing the session keys from the client running locally, TOR nodes would not have access to that. Your example is capturing the session keys, not just the random s.


From: damian via Tor Project Forum
Sent: Tuesday, October 10, 2023 6:37:45 AM
Subject: [Tor Project Forum] [Support/Tor Browser Desktop] HTTPS via Tor - how establish TLS

October 10

Are you sure? :wink:
Look on that:

How to DECRYPT HTTPS Traffic with Wireshark

I’ve tried - it’s work!

Visit Topic or reply to this email to respond.

To unsubscribe from these emails, click here.