X
Tap here to go to the mobile version of the site.

Support Forum

DOH potential security risk message

Posted

When trying DNS over https in in a neetwork that uses googles DNS 8.8.8.8 and 8.8.4.4 I configured FF as follows set network.trr.mode=3 set network.trr.bootstarpaddress=8.8.8.8 set network.trr.uri=https://dns.google/dns-query

Then I went to https://1.1.1.1/help knowing full well that I am use googles DOH and not cloudflare expecting cloudflare web site to tell me I am not using there services with results being all negative.

Instead FF reported that "Warning potential security problem ahead". See enclosed If I am using Googles DOH values and I go to a cloudgflare site why would FF flag the site as a security risk? Keeping in mind FF appears to be working for other sites in the DOH configuration for Google with no visible problems.

When trying DNS over https in in a neetwork that uses googles DNS 8.8.8.8 and 8.8.4.4 I configured FF as follows set network.trr.mode=3 set network.trr.bootstarpaddress=8.8.8.8 set network.trr.uri=https://dns.google/dns-query Then I went to https://1.1.1.1/help knowing full well that I am use googles DOH and not cloudflare expecting cloudflare web site to tell me I am not using there services with results being all negative. Instead FF reported that "Warning potential security problem ahead". See enclosed If I am using Googles DOH values and I go to a cloudgflare site why would FF flag the site as a security risk? Keeping in mind FF appears to be working for other sites in the DOH configuration for Google with no visible problems.
Attached screenshots
Quote
jscher2000
  • Top 10 Contributor
8569 solutions 70085 answers

Can you click the Advanced button for more information about why the certificate verification failed?

Can you click the Advanced button for more information about why the certificate verification failed?
Was this helpful to you?
Quote
cor-el
  • Top 10 Contributor
  • Moderator
17334 solutions 156736 answers

1.1.1.1 would normally redirect you to a server in your vicinity using anycast, so there might be a domain mismatch for the certificate after the redirect.

1.1.1.1 would normally redirect you to a server in your vicinity using anycast, so there might be a domain mismatch for the certificate after the redirect.
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.