Avatar for Username

ابحث في الدعم

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

DOH not encrypting some items

  • 8 ردود
  • 1 has this problem
  • 3 views
  • آخر ردّ كتبه BenzJamin129

Mace2
Mace2
more options

While trying to understand why maps.google.com would not connect I opened "about:networking" and looked at the http list and noticed that maps.google.com and "ocsp.digicert.com where not encrypted using https.

Can anyone tell me why https on FF which is configured to use D.O.H. does not show all connections using port 443? Enclosed is the list.

While trying to understand why maps.google.com would not connect I opened "about:networking" and looked at the http list and noticed that maps.google.com and "ocsp.digicert.com where not encrypted using https. Can anyone tell me why https on FF which is configured to use D.O.H. does not show all connections using port 443? Enclosed is the list.
Attached screenshots

All Replies (8)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Some data needs to be retrieved via http, this is about CRL (Certificate Revocation List) and is apprantly also necessary for OCSP (Online Certificate Status Protocol) checking.

Google sites like maps.google.com should work with HTTPS, so I'm not sure why this shows as HTTP.

Are you possibly using a bookmark with an HTTP link ?

Mace2
Mace2 صاحب السؤال
more options

I am not using a bookmark for maps.google.com. I tried entering in the URL field "http://maps.google.com" and it is immediately changed to "https://maps.google.com". Occassinally maps.google.com will not open and stalls.

I do not understand why an protocol having to do with certificates item like OCSP would not be encrypted at all times?

Mace2
Mace2 صاحب السؤال
more options

I should also add that I have configured HTTPS-mode to enable https mode in all windows so any web site I visit should not be anything other than https. See enclosed

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

Note that DoH (DNS over HTTPS) is only about retrieving information from a DNS server and not about forcing HTTPS (e.g. HTTPS-Only).

OCSP does not mandate encryption, so other parties may intercept this information.

See also:

Mace2
Mace2 صاحب السؤال
more options

I understand that DOH encrypts request for web sites via https. But the problem I described with maps.google.com being displayed as port 80 instead of 443 has me confused as to what occurred.This is not the only site I had this issue another site www.dynastyauto.ca (auto dealer). Both sites are https and FF is set for HTTPS-mode to enable.

If any site I visit has to be https before I can view the site what is about:networking#http tell me?

I have noticed the exact same behavior for FF on android.

Modified by Mace2

knowledge is like power
knowledge is like power
more options

DoH does not encrypt browsing per se

Mace2
Mace2 صاحب السؤال
more options

That is correct.

But why is FF report in the http list maps.google.com as using port 80? I do not think any portion of maps.google.com uses port 80 so what is FF reporting?

BenzJamin129
BenzJamin129
more options

So, that's it? That just makes me think the answer is not one I'd like. Seems a little shady.