X
Klepněte zde pro přechod na mobilní verzi webu.

Fórum podpory

DOH potential security risk message

Přidáno

When trying DNS over https in in a neetwork that uses googles DNS 8.8.8.8 and 8.8.4.4 I configured FF as follows set network.trr.mode=3 set network.trr.bootstarpaddress=8.8.8.8 set network.trr.uri=https://dns.google/dns-query

Then I went to https://1.1.1.1/help knowing full well that I am use googles DOH and not cloudflare expecting cloudflare web site to tell me I am not using there services with results being all negative.

Instead FF reported that "Warning potential security problem ahead". See enclosed If I am using Googles DOH values and I go to a cloudgflare site why would FF flag the site as a security risk? Keeping in mind FF appears to be working for other sites in the DOH configuration for Google with no visible problems.

When trying DNS over https in in a neetwork that uses googles DNS 8.8.8.8 and 8.8.4.4 I configured FF as follows set network.trr.mode=3 set network.trr.bootstarpaddress=8.8.8.8 set network.trr.uri=https://dns.google/dns-query Then I went to https://1.1.1.1/help knowing full well that I am use googles DOH and not cloudflare expecting cloudflare web site to tell me I am not using there services with results being all negative. Instead FF reported that "Warning potential security problem ahead". See enclosed If I am using Googles DOH values and I go to a cloudgflare site why would FF flag the site as a security risk? Keeping in mind FF appears to be working for other sites in the DOH configuration for Google with no visible problems.
Přiložené obrázky
Citovat
jscher2000
  • Top 10 Contributor
8569 řešení 70085 odpovědí

Can you click the Advanced button for more information about why the certificate verification failed?

Can you click the Advanced button for more information about why the certificate verification failed?
Bylo to pro vás srozumitelné?
Citovat
cor-el
  • Top 10 Contributor
  • Moderator
17334 řešení 156735 odpovědí

1.1.1.1 would normally redirect you to a server in your vicinity using anycast, so there might be a domain mismatch for the certificate after the redirect.

1.1.1.1 would normally redirect you to a server in your vicinity using anycast, so there might be a domain mismatch for the certificate after the redirect.
Bylo to pro vás srozumitelné?
Citovat
Položit otázku

Pro přidání odpovědi se musíte přihlásit ke svému účtu. Pokud dosud nemáte účet, položte novou otázku.