>>19634
I say this >>19635 for TOR case, but if you mean normal tls used in https pki then there are many attacks
just an example: use your own CA to issue imbersonating certificate for target, since most governments control some CA and normally browser trusts them all equally