No HTTPS site for download

[WellBehavedDemon]

There's a chance that the TinyCoreLinux project is under attack. Home routers are known to be vulnerable garbage and, when I try to download TinyCoreLinux, either the connection to "tinycorelinux.net" fails or the response is that "there is no HTTPS support" (see the image below). But this is nonsense! I can access "forum.tinycorelinux.net" without issue so why should "tinycorelinux.net" have issues? I think that the home router that I'm using (garbage provided by a garbage ISP) detects a connection to "tinycorelinux.net" and denies it or forces an HTTP connection so that  a man-in-the-middle attack where I'll end up downloading a fake ISO image happens.



Where can I find the hashes for the TinyCoreLinux CD images? I need this to make sure that I'm not downloading a version with vulnerabilities.

[Juanito]

What happens if you load the wget and ca-certificates extensions and try something like “wget repo.tinycorelinux.net/17.x/x86/tcz/flwm.tcz.md5.txt”?

[gadget42]

one previous thread regarding the http download webpages:

https://forum.tinycorelinux.net/index.php?topic=26893.0

[WellBehavedDemon]

What happens if you load the wget and ca-certificates extensions and try something like “wget repo.tinycorelinux.net/17.x/x86/tcz/flwm.tcz.md5.txt”?

See the screenshots above. That is what happens. If I try to connect to it through HTTPS, the connection will be refused. This is odd because forum.tinycorelinux.net works without issue, but the domains where the integrity hashes and downloads are available are not served through HTTPS.

[Paul_123]

The only part of the site running https is forum.tinycorelinux.net and wiki.tinycorelinux.net.

Everything else is hosted from the repo server that is http only.  Which would include URLs like tinycorelinux.net and repo.tinycorelinux.net