Các câu trả lời gần đây cho DoH and client authenticationhttps://support.mozilla.org/vi/questions/12687012019-09-18T01:15:07-07:00Sorry for the confusion, My DoH server is nginx and DoH client is firefox.
2019-09-18T01:15:07-07:00oike.mayaohttps://support.mozilla.org/vi/questions/1268701#answer-1253020<p>Sorry for the confusion, My DoH server is nginx and DoH client is firefox.
</p>Is this something your own making or from whom software/hardware are you using this from? If not you2019-09-14T20:01:11-07:00WestEndhttps://support.mozilla.org/vi/questions/1268701#answer-1252131<p>Is this something your own making or from whom software/hardware are you using this from? If not yours did you contact their support on this issue since firefox AFAIK isn't a server software?
</p>1.
From packet dump in my environment, Firefox DoH client sent no client certificate back to the D2019-09-13T13:04:45-07:00oike.mayaohttps://support.mozilla.org/vi/questions/1268701#answer-1251857<p>1.
From packet dump in my environment, Firefox DoH client sent no client certificate back to the DoH server.
</p>
<ol><li> DoH Session
</li></ol>
<p>Secure Sockets Layer
</p><pre> TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 44
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 3
Certificates Length: 0 &lt;&lt;===== NULL
&nbsp;:
&nbsp;:
</pre>
<ol><li> Normal session (from firefox URL bar)
</li></ol>
<p>Secure Sockets Layer
</p><pre> TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 1913
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 1352
Certificates Length: 1349 &lt;&lt;===== (valid client certificate)
&nbsp;:
&nbsp;:
</pre>
<p>2.
Regarding HTTP header auth, DoH server (nginx on frontend) generated logs something like "no user/password was provided for basic authentication"....
</p><p><br>
Does anyone have tried to authenticate Firefox DoH user to prevent your DoH server from being an open resolver?
</p>