We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

DOH not encrypting some items

  • 8 个回答
  • 1 人有此问题
  • 8 次查看
  • 最后回复者为 BenzJamin129

more options

While trying to understand why maps.google.com would not connect I opened "about:networking" and looked at the http list and noticed that maps.google.com and "ocsp.digicert.com where not encrypted using https.

Can anyone tell me why https on FF which is configured to use D.O.H. does not show all connections using port 443? Enclosed is the list.

While trying to understand why maps.google.com would not connect I opened "about:networking" and looked at the http list and noticed that maps.google.com and "ocsp.digicert.com where not encrypted using https. Can anyone tell me why https on FF which is configured to use D.O.H. does not show all connections using port 443? Enclosed is the list.
已附加屏幕截图

所有回复 (8)

more options

Some data needs to be retrieved via http, this is about CRL (Certificate Revocation List) and is apprantly also necessary for OCSP (Online Certificate Status Protocol) checking.

Google sites like maps.google.com should work with HTTPS, so I'm not sure why this shows as HTTP.

Are you possibly using a bookmark with an HTTP link ?

more options

I am not using a bookmark for maps.google.com. I tried entering in the URL field "http://maps.google.com" and it is immediately changed to "https://maps.google.com". Occassinally maps.google.com will not open and stalls.

I do not understand why an protocol having to do with certificates item like OCSP would not be encrypted at all times?

more options

I should also add that I have configured HTTPS-mode to enable https mode in all windows so any web site I visit should not be anything other than https. See enclosed

more options

Note that DoH (DNS over HTTPS) is only about retrieving information from a DNS server and not about forcing HTTPS (e.g. HTTPS-Only).


OCSP does not mandate encryption, so other parties may intercept this information.


See also:

more options

I understand that DOH encrypts request for web sites via https. But the problem I described with maps.google.com being displayed as port 80 instead of 443 has me confused as to what occurred.This is not the only site I had this issue another site www.dynastyauto.ca (auto dealer). Both sites are https and FF is set for HTTPS-mode to enable.

If any site I visit has to be https before I can view the site what is about:networking#http tell me?

I have noticed the exact same behavior for FF on android.

由user226514887665625432230708206477982186438于修改

more options

DoH does not encrypt browsing per se

more options

That is correct.

But why is FF report in the http list maps.google.com as using port 80? I do not think any portion of maps.google.com uses port 80 so what is FF reporting?

more options

So, that's it? That just makes me think the answer is not one I'd like. Seems a little shady.