Ce site disposera de fonctionnalités limitées pendant que nous effectuons des opérations de maintenance en vue de vous proposer un meilleur service. Si un article ne règle pas votre problème et que vous souhaitez poser une question, notre communauté d’assistance est prête à vous répondre via @FirefoxSupport sur Twitter, et /r/firefox sur Reddit.

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

DoH and client authentication

  • 3 réponses
  • 2 ont ce problème
  • 1 vue
  • Dernière réponse par fjsw

more options

I’m trying to use my own DoH server with Firefox. It works fine basically but if I enable client authentication on it, DoH seems to fail. Since It’s difficult to create ip address based access filtering for remote mobile users, I want to add some user authentication feature to my DoH session.

Does current DoH client of Firefox support “TLS client certificate” or “HTTP header” authentication?

I’m trying to use my own DoH server with Firefox. It works fine basically but if I enable client authentication on it, DoH seems to fail. Since It’s difficult to create ip address based access filtering for remote mobile users, I want to add some user authentication feature to my DoH session. Does current DoH client of Firefox support “TLS client certificate” or “HTTP header” authentication?

Toutes les réponses (3)

more options

1. From packet dump in my environment, Firefox DoH client sent no client certificate back to the DoH server.

  1. DoH Session

Secure Sockets Layer

   TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
       Content Type: Handshake (22)
       Version: TLS 1.2 (0x0303)
       Length: 44
       Handshake Protocol: Certificate
           Handshake Type: Certificate (11)
           Length: 3
           Certificates Length: 0  <<===== NULL
       :
       :
  1. Normal session (from firefox URL bar)

Secure Sockets Layer

   TLSv1.2 Record Layer: Handshake Protocol: Multiple Handshake Messages
       Content Type: Handshake (22)
       Version: TLS 1.2 (0x0303)
       Length: 1913
       Handshake Protocol: Certificate
           Handshake Type: Certificate (11)
           Length: 1352
           Certificates Length: 1349   <<===== (valid client certificate)
          :
          :

2. Regarding HTTP header auth, DoH server (nginx on frontend) generated logs something like "no user/password was provided for basic authentication"....


Does anyone have tried to authenticate Firefox DoH user to prevent your DoH server from being an open resolver?

more options

Is this something your own making or from whom software/hardware are you using this from? If not yours did you contact their support on this issue since firefox AFAIK isn't a server software?

Modifié le par WestEnd

more options

Sorry for the confusion, My DoH server is nginx and DoH client is firefox.