github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-05-06 15:58:22 -05:00
Code Issues 1.1k Packages Projects Releases 122 Wiki Activity

[GH-ISSUE #6202] [PM-28863] Unable to log in to self-hosted server with .onion URL #28279

New Issue
Closed
opened 2026-04-18 12:18:09 -05:00 by GiteaMirror · 5 comments
GiteaMirror commented 2026-04-18 12:18:09 -05:00
Owner
Copy Link

Originally created by @Zighy on GitHub (Nov 26, 2025).
Original GitHub issue: https://github.com/bitwarden/android/issues/6202

Steps To Reproduce

  1. Go to login page
  2. Click on 'Logging in on : Self-hosted'
  3. Click on 'Self-hosted'
  4. On textbox 'Server URL' entre the http://.onion URL of the server behind tor network
  5. Click on 'Save'
  6. Perform Login and error occours => show the error :

Stacktrace:

java.net.Un knownServiceException: CLEARTEXT communication to xxxxxxxxxxx.onion not permitted by network security policy ....

Expected Result

The login should be allowed on .onion URL because it doesn't use https, end encryption is enforced by orbot VPN

Actual Result

Unable to login

Screenshots or Videos

No response

Additional Context

Moved here from issue : https://github.com/bitwarden/android/issues/6199

I understand that since 2025.8 the following feature has been implemented for security reasons but an exception for .onion URLs to allow http connections is greatly appreciated :

HTTPS now required on Android: The Android Password Manager app now requires connection to a server using HTTPS. This change will only affect users who are self-hosting a Bitwarden server without a SSL/TLS certificate. Learn more about certificates here.

(--> https://bitwarden.com/help/releasenotes/#2025-8-0)

Build Version

2025.11.0 (20967)

What server are you connecting to?

Self-host

Self-host Server Version

No response

Environment Details

  • Redmi Note 9
  • Android MIUI version 14.0.5

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
Originally created by @Zighy on GitHub (Nov 26, 2025). Original GitHub issue: https://github.com/bitwarden/android/issues/6202 ### Steps To Reproduce 1. Go to login page 2. Click on 'Logging in on : Self-hosted' 3. Click on 'Self-hosted' 4. On textbox 'Server URL' entre the http://.onion URL of the server behind tor network 5. Click on 'Save' 6. Perform Login and error occours => show the error : Stacktrace: java.net.Un knownServiceException: CLEARTEXT communication to xxxxxxxxxxx.onion not permitted by network security policy .... ### Expected Result The login should be allowed on .onion URL because it doesn't use https, end encryption is enforced by orbot VPN ### Actual Result Unable to login ### Screenshots or Videos _No response_ ### Additional Context Moved here from issue : https://github.com/bitwarden/android/issues/6199 I understand that since 2025.8 the following feature has been implemented for security reasons but an exception for .onion URLs to allow http connections is greatly appreciated : > HTTPS now required on Android: The Android Password Manager app now requires connection to a server using HTTPS. This change will only affect users who are self-hosting a Bitwarden server without a SSL/TLS certificate. Learn more about certificates [here](https://bitwarden.com/help/certificates/). (--> https://bitwarden.com/help/releasenotes/#2025-8-0) ### Build Version 2025.11.0 (20967) ### What server are you connecting to? Self-host ### Self-host Server Version _No response_ ### Environment Details - Redmi Note 9 - Android MIUI version 14.0.5 ### Issue Tracking Info - [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
GiteaMirror added the bugapp:password-manager labels 2026-04-18 12:18:09 -05:00
GiteaMirror commented 2026-04-18 12:18:12 -05:00
Author
Owner
Copy Link

@bitwarden-bot commented on GitHub (Nov 26, 2025):

Thank you for your report! We've added this to our internal board for review.
ID: PM-28863

<!-- gh-comment-id:3582938149 --> @bitwarden-bot commented on GitHub (Nov 26, 2025): Thank you for your report! We've added this to our internal board for review. ID: [PM-28863](https://bitwarden.atlassian.net/browse/PM-28863) [PM-28863]: https://bitwarden.atlassian.net/browse/PM-28863?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
GiteaMirror commented 2026-04-18 12:18:12 -05:00
Author
Owner
Copy Link

@pamperer562580892423 commented on GitHub (Nov 26, 2025):

... you still need https 😉:

Image

(--> https://bitwarden.com/help/releasenotes/#2025-8-0)

(I saw you also added this to your post now.... - And my general advice here: you are not reporting a bug now... but you're asking for a kind of an exception... so, that would be a feature request... and you'll get redirected to the Bitwarden Community Forum eventually, I would predict 😉)

<!-- gh-comment-id:3583263563 --> @pamperer562580892423 commented on GitHub (Nov 26, 2025): ... you still need https 😉: <img width="910" height="113" alt="Image" src="https://github.com/user-attachments/assets/b549907c-64e5-4bce-a03e-fd95684b06ff" /> (--> https://bitwarden.com/help/releasenotes/#2025-8-0) (I saw you also added this to your post now.... - And my general advice here: you are not reporting a bug now... but you're asking for a kind of an exception... so, that would be a feature request... and you'll get redirected to the Bitwarden Community Forum eventually, I would predict 😉)
GiteaMirror commented 2026-04-18 12:18:13 -05:00
Author
Owner
Copy Link

@vinnyperella commented on GitHub (Nov 29, 2025):

You can create ssl certificates for Onion services might be a good workaround for now. https://brave.com/blog/new-onion-service/

<!-- gh-comment-id:3591718814 --> @vinnyperella commented on GitHub (Nov 29, 2025): You can create ssl certificates for Onion services might be a good workaround for now. https://brave.com/blog/new-onion-service/
GiteaMirror commented 2026-04-18 12:18:14 -05:00
Author
Owner
Copy Link

@Sergey842248 commented on GitHub (Nov 30, 2025):

Can we please have a toggle (maybe in any advanced settings for the App) disabling SSL/TLS errors with a big warning?

<!-- gh-comment-id:3592972471 --> @Sergey842248 commented on GitHub (Nov 30, 2025): Can we please have a toggle (maybe in any advanced settings for the App) disabling SSL/TLS errors with a big warning?
GiteaMirror commented 2026-04-18 12:18:16 -05:00
Author
Owner
Copy Link

@jtodddd commented on GitHub (Dec 1, 2025):

Hi there,

We use GitHub issues as a place to track bugs and other development related issues. The Bitwarden Community Forums has a Feature Requests section for submitting, voting for, and discussing requests like this one: https://community.bitwarden.com/c/feature-requests/

Please sign up on our forums and search to see if this request already exists (https://community.bitwarden.com/signup). If so, you can vote for it and contribute to any discussions about it. If not, you can re-create the request there so that it can be properly tracked.

This issue will now be closed. Note that the “Closed as not planned” status is for internal tracking purposes only, please do not hesitate to send us your suggestions to the forum.

Thanks!

<!-- gh-comment-id:3596767464 --> @jtodddd commented on GitHub (Dec 1, 2025): Hi there, We use GitHub issues as a place to track bugs and other development related issues. The Bitwarden Community Forums has a Feature Requests section for submitting, voting for, and discussing requests like this one: https://community.bitwarden.com/c/feature-requests/ Please sign up on our forums and search to see if this request already exists (https://community.bitwarden.com/signup). If so, you can vote for it and contribute to any discussions about it. If not, you can re-create the request there so that it can be properly tracked. This issue will now be closed. Note that the “Closed as not planned” status is for internal tracking purposes only, please do not hesitate to send us your suggestions to the forum. Thanks!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label app:password-manager bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#28279
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?