SSL certificates are allowed for version 3 onion addresses

The CA/B Forum, the official regulator of the SSL certificate industry, has adopted a new ballot, SC27v3, which sets out the rules for issuing certificates for version 3 onion addresses.

Certification authorities can now issue DV and OV certificates containing onion addresses for Tor using the new version 3 name format.

In Ballot 144, which was later supplemented by Ballots 198/201, the CA/B Forum set the rules for issuing EV certificates for onion addresses. The reason for limiting issuance to EV was that onion addresses were cryptographically weak, relying on the RSA-1024 and SHA-1 algorithms. The recently introduced version 3 format has eliminated these shortcomings.

The Tor Service Descriptor Hash extension, which was previously required by the EV issuance rules, is no longer required for version 3. It contained a complete hash of the keys, which has now become part of the .onion address in version 3.

Addresses in version 2 are still in use, so Tor Service Descriptor Hash requirements for EV are still maintained for them.

To summarise:

  • For version 1 and 2 onion addresses, only EV certificates are available;
  • For version 3 onion addresses, DV, OV and EV certificates are available.
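
The difference between the address formats can be checked mechanically. The following is an added example, not code from the CA/B Forum or the Tor Project: it decodes an onion hostname, verifies the version 3 checksum, extracts the embedded ed25519 public key, and returns the certificate types from the summary above. It assumes the version 3 layout from Tor's rendezvous specification (32-byte key, 2-byte checksum, 1-byte version); the function names are hypothetical, version 1 names are not handled, and the key is not checked for being a valid curve point.

```python
import base64
import binascii
import hashlib

V3_VERSION = b"\x03"

def v3_checksum(pubkey: bytes) -> bytes:
    # Tor rend-spec-v3: first 2 bytes of SHA3-256(".onion checksum" || pubkey || version)
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]

def encode_v3(pubkey: bytes) -> str:
    """Build a v3 hostname from a 32-byte ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = pubkey + v3_checksum(pubkey) + V3_VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"

def classify_onion(hostname: str) -> dict:
    """Return the address version, the embedded key (v3 only) and the
    certificate types the article lists for that version."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2 or labels[-1] != "onion":
        raise ValueError("not a .onion name")
    label = labels[-2]  # labels to the left of this one are subdomains
    try:
        raw = base64.b32decode(label.upper())
    except binascii.Error as exc:
        raise ValueError("onion label is not valid base32") from exc
    if len(raw) == 10:
        # v2: 80-bit truncated SHA-1 of an RSA-1024 key; the key itself is not in the name
        return {"version": 2, "pubkey": None, "cert_types": ("EV",)}
    if len(raw) == 35:
        pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
        if version != V3_VERSION:
            raise ValueError("unexpected version byte")
        if checksum != v3_checksum(pubkey):
            raise ValueError("checksum mismatch: mistyped or corrupted address")
        return {"version": 3, "pubkey": pubkey, "cert_types": ("DV", "OV", "EV")}
    raise ValueError("unrecognised onion address length")

if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed sample bytes, not a real service key
    addr = encode_v3(demo_key)
    print(addr, classify_onion(addr)["cert_types"])
```

Because the full public key is recoverable from a version 3 name, a validator can compare it directly with the key the service proves control of, which is the role the separate hash extension played for version 2 names.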
