[squid-users] windowsupdate and ssl_bump

Amos Jeffries squid3 at treenet.co.nz
Sun Oct 19 20:31:54 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 18/10/2014 8:56 p.m., Josep Borrell wrote:
> Hi,
> 
> We are using a 3.4.8 squid Proxy in intercept mode via wccp. Squid
> intercepts HTTP and HTTPS via ssl_bump. All is working fine except
> that Windows Machines can't do a Windows Update. It is not working
> at all giving an error  80072F8F with HTTPS redirection disabled
> all work fine.
> 
> Someone knows how to maintain the SSL interception with a
> functional Windows Update ?

Windows Update has always done a "call home" CONNECT rquest to port
443 to verify the licensing or something. It may or may not actually
be HTTPS.

I would look into what is happening with those requests with your
bumping setup.

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJURB+6AAoJELJo5wb/XPRjGzQH/jOWkNZMTRIL0X87hmPLYjEd
L1qoE4F+/Phh+d3aMl9EJxhdWQ6BuYOdNGTrL1Jpq4/37xFxUj3vCuZ638iY6Mad
ETQYTwb1oiX5vzJs0P/VaswJeQ36pR5yAMP0RmS3Y2uBTxeD9kSjQLwiwezt0BKI
obUqwJHcGS+K8CXsLfJle4ivIDkOy+BNFt/ujOYjjQ8UaY1Sg2GLZU2rtCFOoqav
05p62E4/jVkrBUP7o4AXFJADXHjaH/73FB/XY517vWp8R181xz6eWYcbkF8zdhzA
TixCnmt83mJEH5AdkNpl4IRRzaIPP4KsBTUUE4LN9cHH/ZS9ZQHPc2bKVVjr/aU=
=g5io
-----END PGP SIGNATURE-----


More information about the squid-users mailing list