@ghostshell said in Blocked Page:
https://www.reddit.com/r/pfBlockerNG/comments/lnczld/is_dnsbl_webserver_for_ssl_https_connections/
I don't understand what has been said there.
pfBlockerNG-devel logging isn't the issue here. The internal unbound (python, or not) or Lighttpd logs are not available to our browsers.
Our browser sees what the web server @10.10.10.10:443 is replying after a page request.
It doesn't understand the answer.
What I think ** is happening:
Our browser caches web server certificates, as HSTS has become widespread.
So, our browsers know what type of cert they should get back from the web server. Because they cache certificates, for days, weeks, or even months (so naughty you, you've visited this site already once without pfBlockerNG ;) - the cert was loaded and cached).
Many encryption types exist, and the self-generated (self-signed) cert from the web server of pfBlockerNG does not have the right 'format'. If it had the right format, the host name would have been verified (and the date and many more aspects) and then a more understandable error would have been shown.
This issue cannot be resolved. Our browsers could show a more comprehensible message, true, but it all boils down to:
You wanted to visit a.tld but b.tld replied.
That's a MITM situation and that's a no-go.
** Firefox is open source. So the source code will show the exact conditions of the error.