[squid-users] Skype bypass using ssl_bump peek
Amos Jeffries
squid3 at treenet.co.nz
Wed Dec 17 12:13:26 UTC 2014
On 17/12/2014 10:52 p.m., Yu-Hsuan Liao wrote:
The peek at step1 should be detecting that non-TLS/SSL is occurring.
For the non-HTTP over TLS/SSL... IF you bumped it Squid can still
fall back to tunnel I think, but a slower way than splice normally
would. A few people are indicating problems or weirdness with how
serverHello is handled so YMMV.
NP: this is all brand new complicated functionality and I'm not the
author/designer. So reality may differ a bit from what I understand of
it all.
As long as you are able to determine whether to do splice and Squid
has not yet auto-generated anything that got sent out, then you should
be able to.
If Squid has sent anything over the wire that was generated by Squid
(bumping) the only choices left are continue with bump or reject/abort.
Amos
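
What peeking at the first client bytes can tell a proxy, as an added illustration in Python (not Squid's code and not part of the original message): the function reports whether the bytes begin a TLS ClientHello and, if so, which SNI name they carry. The function names and the sample ClientHello are constructed for this example.

```python
import struct

def build_client_hello(host):
    """Constructed sample: a minimal TLS 1.2 ClientHello carrying one SNI name."""
    name = host.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
    sni_ext = struct.pack("!H", len(sni_entry)) + sni_entry     # server_name_list
    exts = struct.pack("!HH", 0, len(sni_ext)) + sni_ext        # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                   # version, random, empty session id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"                 # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # record type 22 = handshake

def peek_client_hello(data):
    """Return (is_tls, sni) for the first bytes a client sent; sni is None if absent."""
    # Record type 22 (handshake), major version 3, handshake type 1 (ClientHello).
    if len(data) < 6 or data[0] != 0x16 or data[1] != 0x03 or data[5] != 0x01:
        return (False, None)
    try:
        pos = 9 + 2 + 32        # record hdr (5) + handshake hdr (4) + version + random
        pos += 1 + data[pos]    # skip session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]   # skip cipher suites
        pos += 1 + data[pos]    # skip compression methods
        if pos + 2 > len(data):
            return (True, None)  # hello without an extensions block
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(data)):
            etype, elen = struct.unpack_from("!HH", data, pos)
            pos += 4
            if etype == 0:      # list length (2), name type (1), name length (2), name
                nlen = struct.unpack_from("!H", data, pos + 3)[0]
                return (True, data[pos + 5:pos + 5 + nlen].decode("ascii", "replace"))
            pos += elen
    except (IndexError, struct.error):
        pass                    # truncated hello: still TLS, nothing more to learn
    return (True, None)
```
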