https version of a hidden service

[joshp23]

does an https version of a hidden service get respected with tor2web? For instance if the hidden service needs to authenticate using client side ssl, does this get broken with the tor2web service?

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/36441976-https-version-of-a-hidden-service?utm_campaign=plugin&utm_content=tracker%2F318575&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F318575&utm_medium=issues&utm_source=github).

[evilaliv3]

it should not; we fixed this with facebook;

they have a tor hidden service using https if you want to test;
you will get the facebook hidden service answering you via tor2web that the tor2web connection is disabled because they block tor2web connections intentionally.

http://facebookcorewwwi.onion
https://facebookcorewwwi.onion.to/

[joshp23]

When I had only an https version up the tor2web didn't connect or give me an error. just hung.
I have my htaccess set up to redirect my http traffic to https it results in a 500 failure from onion.to.

is the failure on my end? How should I set this up to cooperate with a vanilla tor2web setup?

[evilaliv3]

No there is nothing you should do but the hidden Service should implement both http and https. The http connection should redirect to the https location. This is the only way tor2web can detect the https existance of the hidden Service. Refer to #162 for details

[joshp23]

right on. I think the difference in my setup was the requirement of client side ssl. I'll set up another service and test without client certificate requirement, and then on, and try to get you back with some logs.

[evilaliv3]

i see; i didn't got the point of the ssl certificate by the client; yes for sure this would be broken

what is the use case? is this a Tor2web setup applied to GlobaLeaks?