DoH and client authentication

I’m trying to use my own DoH server with Firefox. It works fine basically, but if I enable client authentication on it, DoH seems to fail. Since it’s difficult to create IP address based access filtering for remote mobile users, I want to add some user authentication feature to my DoH session.

Does the current DoH client of Firefox support “TLS client certificate” or “HTTP header” authentication?


Additional system details

Application

  • User agent string: Mozilla/5.0 (iPhone; CPU iPhone OS 12_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Mobile/15E148 Safari/604.1

Question owner

1. From a packet dump in my environment, the Firefox DoH client sent no client certificate back to the DoH server.

# DoH Session

Secure Sockets Layer

   TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
       Content Type: Handshake (22)
       Version: TLS 1.2 (0x0303)
       Length: 44
       Handshake Protocol: Certificate
           Handshake Type: Certificate (11)
           Length: 3
           Certificates Length: 0  <<===== NULL
       :
       :
# Normal session (from Firefox URL bar)

Secure Sockets Layer

   TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
       Content Type: Handshake (22)
       Version: TLS 1.2 (0x0303)
       Length: 1913
       Handshake Protocol: Certificate
           Handshake Type: Certificate (11)
           Length: 1352
           Certificates Length: 1349   <<===== (valid client certificate)
          :
          :

2. Regarding HTTP header auth, the DoH server (nginx on the frontend) generated logs something like "no user/password was provided for basic authentication"....


Has anyone tried to authenticate Firefox DoH users to prevent your DoH server from being an open resolver?

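The two handshakes in the post above differ in the 3-byte certificate list length inside the TLS 1.2 Certificate message. As an added example (not part of the original thread), this Python parser reads that message and reports whether a client certificate was presented; the sample bytes are constructed to mirror the lengths in the dump, and the certificate body is placeholder data.

```python
HANDSHAKE_CERTIFICATE = 11  # "Handshake Type: Certificate (11)" in the dump


def parse_certificate_message(msg: bytes) -> list[bytes]:
    """Return the certificate blobs carried by one TLS 1.2 Certificate message.

    Layout (RFC 5246, 7.4.2):
      type(1) | length(3) | certificates_length(3) | { cert_length(3) | cert }*
    """
    if len(msg) < 7:
        raise ValueError("truncated Certificate message")
    if msg[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError(f"not a Certificate message (type {msg[0]})")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if body_len < 3 or len(body) != body_len:
        raise ValueError("handshake length does not match available bytes")
    list_len = int.from_bytes(body[0:3], "big")
    if list_len != body_len - 3:
        raise ValueError("certificates length does not match handshake length")
    certs, pos = [], 3
    while pos < len(body):
        if pos + 3 > len(body):
            raise ValueError("truncated certificate length field")
        cert_len = int.from_bytes(body[pos:pos + 3], "big")
        pos += 3
        if cert_len == 0 or pos + cert_len > len(body):
            raise ValueError("bad certificate entry length")
        certs.append(body[pos:pos + cert_len])
        pos += cert_len
    return certs


def client_presented_certificate(msg: bytes) -> bool:
    """False means the client answered the CertificateRequest with an empty list."""
    return len(parse_certificate_message(msg)) > 0


# Constructed sample: Length 3, Certificates Length 0 (the DoH session case).
EMPTY_CERT_MSG = bytes.fromhex("0b000003000000")

# Constructed sample: Length 1352, Certificates Length 1349, one entry of
# 1346 placeholder bytes (not a real certificate; a single entry is an assumption).
PLACEHOLDER_CERT = b"\x30" * 1346
SAMPLE_WITH_CERT = (b"\x0b" + (1352).to_bytes(3, "big") + (1349).to_bytes(3, "big")
                    + (1346).to_bytes(3, "big") + PLACEHOLDER_CERT)

if __name__ == "__main__":
    print("DoH session:", client_presented_certificate(EMPTY_CERT_MSG))
    print("URL bar session:", client_presented_certificate(SAMPLE_WITH_CERT))
```
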
WestEnd
  • Top 25 Contributor
60 solutions 5379 answers

Is this something of your own making, or whose software/hardware are you using this from? If not yours, did you contact their support on this issue, since Firefox AFAIK isn't server software?


Question owner

Sorry for the confusion. My DoH server is nginx and the DoH client is Firefox.
