[squid-users] Mac OS X Updates

Kinkie gkinkie at gmail.com
Mon Aug 24 11:52:23 UTC 2015

Hi John,
  according to the article you link to, it's not possible to cache these
updates: Apple puts some effort as a conscious choice to make it so.

  Updates for older versions of MacOS may be over HTTP, newer ones are over
HTTPs over port 443 and and dynamically-generated ports. HTTP could be
cached, https cannot without ssl-bump/peek-n-splice (SSL man-in-the-middle).
  The wording of the article seems to suggest that the list of trusted
issuers of certificates for the https service is not the same as the
system's CA root certificate store but is probably locked to Apple's. This
means that also SSL MITM is not possible, by design.

On Wed, Aug 19, 2015 at 9:20 PM, John Pearson <johnpearson555 at gmail.com>

> Anyone have Mac OS X update caching working ? Without doing a SSL bump. I
> think they are hosted through https (
> https://support.apple.com/en-us/HT202943 )
> Thanks!
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150824/ab4f5ae4/attachment.html>

More information about the squid-users mailing list