DOH not encrypting some items
While trying to understand why maps.google.com would not connect, I opened "about:networking" and looked at the http list and noticed that maps.google.com and ocsp.digicert.com were not encrypted using https.
Can anyone tell me why https on FF which is configured to use D.O.H. does not show all connections using port 443? Enclosed is the list.
All Replies (8)
Some data needs to be retrieved via http; this is about CRL (Certificate Revocation List) and is apparently also necessary for OCSP (Online Certificate Status Protocol) checking.
Google sites like maps.google.com should work with HTTPS, so I'm not sure why this shows as HTTP.
Are you possibly using a bookmark with an HTTP link?
I am not using a bookmark for maps.google.com. I tried entering in the URL field "http://maps.google.com" and it is immediately changed to "https://maps.google.com". Occasionally maps.google.com will not open and stalls.
I do not understand why a protocol having to do with certificates, like OCSP, would not be encrypted at all times.
I should also add that I have configured HTTPS-mode to enable https mode in all windows so any web site I visit should not be anything other than https. See enclosed.
Note that DoH (DNS over HTTPS) is only about retrieving information from a DNS server and not about forcing HTTPS (e.g. HTTPS-Only).
OCSP does not mandate encryption, so other parties may intercept this information.
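An added example, not part of the thread, illustrating the reply above: a DoH request (RFC 8484 GET form) carries only the DNS question for a hostname, and the scheme of the connection made afterwards is decided separately. The resolver URL `https://doh.example/dns-query` is a placeholder assumption, and the function names are hypothetical.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

RESOLVER = "https://doh.example/dns-query"  # placeholder resolver URL (assumption)

def build_dns_query(hostname, qtype=1):
    """Encode a DNS question in RFC 1035 wire format; qtype 1 = A record."""
    # ID 0 (as RFC 8484 recommends), recursion-desired flag, one question.
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in hostname.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def doh_get_url(hostname):
    """RFC 8484 GET form: the DNS message, base64url without padding, in ?dns=."""
    msg = base64.urlsafe_b64encode(build_dns_query(hostname)).rstrip(b"=").decode()
    return f"{RESOLVER}?dns={msg}"

def name_inside_doh_request(url):
    """Decode a DoH GET URL back to the hostname it asks about."""
    b64 = parse_qs(urlsplit(url).query)["dns"][0]
    raw = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    labels, pos = [], 12  # the question starts after the 12-byte header
    while raw[pos]:
        labels.append(raw[pos + 1:pos + 1 + raw[pos]].decode("ascii"))
        pos += 1 + raw[pos]
    return ".".join(labels)

def connection_is_encrypted(url):
    """The scheme of the later fetch decides this, not how the name was resolved."""
    return urlsplit(url).scheme == "https"

if __name__ == "__main__":
    # Constructed sample targets using the hostnames from the thread.
    for target in ("http://ocsp.digicert.com/", "https://maps.google.com/"):
        host = urlsplit(target).hostname
        lookup = doh_get_url(host)
        print(host, "| lookup sent over", urlsplit(lookup).scheme,
              "| fetch encrypted:", connection_is_encrypted(target))
```

The lookup for ocsp.digicert.com travels inside HTTPS to the resolver, while the OCSP fetch that follows is still plain HTTP on port 80, which matches what about:networking lists.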
I understand that DOH encrypts requests for web sites via https. But the problem I described with maps.google.com being displayed as port 80 instead of 443 has me confused as to what occurred. This is not the only site where I had this issue; another site is www.dynastyauto.ca (auto dealer). Both sites are https and FF is set for HTTPS-mode to enable.
If any site I visit has to be https before I can view the site, what is about:networking#http telling me?
I have noticed the exact same behavior for FF on android.
Modified by Mace2
DoH does not encrypt browsing per se
So, that's it? That just makes me think the answer is not one I'd like. Seems a little shady.