aria2c useful for Whonix?

Development
#1 
sudo apt-get install aria2

Features:

  • resume by default
  • fast when using multiple connections aria2c -x4 <url>

Intended use cases (speculative for now):

  • Download Whonix images by users.
  • In Whonix documentation.
  • Perhaps in Whonix source code as replacement for curl such as for downloading Tor Browser.
  • Installation by default in Whonix.

Questions:

  • Vulnerable to sslstrip?
  • Otherwise anything speaking against it?

//cc @HulaHoop

#2

aria2 comes with SSL (prefers GNUTLS by default) no mention of sslstrip vuln on search. I don’t see any mention of cookie setting or personal identifier caching.

It is also used as the download core of many other programs and has a great feature set.

I don’t see why we shouldn’t have it :slight_smile:

1 Like
#3

07/13 13:11:52 [WARN] aria2c had to connect to the other side using an unknown TLS protocol. The integrity and confidentiality of the connection might be compromised.

It shows this error but exits with exit code 0. For use in scripts, this needs to exit non-zero. Hopefully there is a command line option for this.

#4

Perhaps you can write a wrapper for it to map theis specific exit message with a different code?

https://aria2.github.io/manual/en/html/aria2c.html#exit-status

1 Like
#5

Certainly doable, however… While this would catch this specific message, it wouldn’t catch other messages that I don’t know about yet. Therefore it could be an incomplete solution. Aka whack a mole. This message at bad design and cannot be reliably fixed at a wrapper level. Best we could do here is probably a bug report or feature request.