Hi, in Tor Browser there is the ability to enforce HTTPS-only mode.
Is it also possible to block all insecure plain HTTP traffic centrally at tor daemon side, e.g. via torrc config? (*1)
If not, is there any way to enforce HTTPS with the Android app Tor Orbot? It is my impression that injecting malicious scripts into HTML documents or other injection attacks is still one of the bigger threats for Tor users.
Thanks for any feedback.
(*1) To clarify: I mean E2E encryption from client app to target website, not the local connection between Tor SOCKS client and server. I guess some rudimentary way to inspect the SOCKS packet content would be needed here.