For mailboxes, we provide by default, elliptic curve cryptography (ECC) for faster email encryption and decryption. Support is also offered for 4096 bit RSA keys.
For browsing, TLS 1.3 is enabled, preventing anyone from intercepting your messages, further improving your privacy.
For an added measure we added, HTTP Strict Transport Security (HSTS) to prevent possible man-in-the-middle attacks, like protocol downgrade attacks. This is why you can’t access our website via unsecured HTTP.
For onion, we don’t offer any SSL because it doesn’t need one. Tor already offers end-to end encryption.
“When visiting a site over the onion services protocol, the Tor protocol prevents data in transit from being read or manipulated by man in the middle attacks, and the onion service protocol validates that the user is connected to the domain name in the browser address bar. No certificate authority is required for this proof, because the name of the service is the actual public key used to authenticate the underlying connection.” You can read more about this here.