Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

DOH not encrypting some items

more options

While trying to understand why maps.google.com would not connect I opened "about:networking" and looked at the http list and noticed that maps.google.com and "ocsp.digicert.com where not encrypted using https.

Can anyone tell me why https on FF which is configured to use D.O.H. does not show all connections using port 443? Enclosed is the list.

Attached screenshots

All Replies (8)

more options

Some data needs to be retrieved via http, this is about CRL (Certificate Revocation List) and is apprantly also necessary for OCSP (Online Certificate Status Protocol) checking.

Google sites like maps.google.com should work with HTTPS, so I'm not sure why this shows as HTTP.

Are you possibly using a bookmark with an HTTP link ?

Helpful?

more options

I am not using a bookmark for maps.google.com. I tried entering in the URL field "http://maps.google.com" and it is immediately changed to "https://maps.google.com". Occassinally maps.google.com will not open and stalls.

I do not understand why an protocol having to do with certificates item like OCSP would not be encrypted at all times?

Helpful?

more options

I should also add that I have configured HTTPS-mode to enable https mode in all windows so any web site I visit should not be anything other than https. See enclosed

Helpful?

more options

Note that DoH (DNS over HTTPS) is only about retrieving information from a DNS server and not about forcing HTTPS (e.g. HTTPS-Only).


OCSP does not mandate encryption, so other parties may intercept this information.


See also:

Helpful?

more options

I understand that DOH encrypts request for web sites via https. But the problem I described with maps.google.com being displayed as port 80 instead of 443 has me confused as to what occurred.This is not the only site I had this issue another site www.dynastyauto.ca (auto dealer). Both sites are https and FF is set for HTTPS-mode to enable.

If any site I visit has to be https before I can view the site what is about:networking#http tell me?

I have noticed the exact same behavior for FF on android.

Modified by Mace2

Helpful?

more options

DoH does not encrypt browsing per se

Helpful?

more options

That is correct.

But why is FF report in the http list maps.google.com as using port 80? I do not think any portion of maps.google.com uses port 80 so what is FF reporting?

Helpful?

more options

So, that's it? That just makes me think the answer is not one I'd like. Seems a little shady.

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.