[squid-users] Dropbox and GoogleDrive apps won't connect with SSLBump enabled

Stanford Prescott stan.prescott at gmail.com
Tue Sep 1 13:30:57 UTC 2015


Thanks for the info, Rafael.

Stan

On Mon, Aug 31, 2015 at 11:39 PM, Rafael Akchurin <
rafael.akchurin at diladele.com> wrote:

> SSL pinning means the Dropbox application knows the fingerprint of the
> certificate of the connection out-of-band and will simply refuse to work
> with another (even a trusted one).
>
> It is not possible to change this behaviour without recompiling unless
> the developers of Dropbox have some "managed" mode...
>
> See http://docs.diladele.com/faq/squid/dropbox.html
>
> Best regards,
> Rafael
>
> On 1 Sep 2015, at 00:55, Stanford Prescott <stan.prescott at gmail.com>
> wrote:
>
> Yes, SSLBump still works with the web apps, but it would be a lot more
> convenient if the mobile apps would also work.
>
> Does anyone know how to pin Squid's self-signed certificate's public key
> to GoogleDrive and Dropbox so that it would work with SSLBump enabled?
>
> Stan
>
> On Mon, Aug 31, 2015 at 3:29 PM, Yuri Voinov <yvoinov at gmail.com> wrote:
>
>>
>> BTW, GoogleDrive web application still works with bump. Use it, Luke ;)
>>
>> 01.09.15 2:21, Jason Haar wrote:
>> > On 01/09/15 02:59, Shane King wrote:
>> >> Accessing via the browser may work but the sync clients that sit in
>> >> the system tray use certificate pinning I believe. So if certificate
>> >> pinning is being used, ssl bumping will not work. You will see an
>> >> alert message in the pcap followed by a connection termination.
>> >
>> > This stopped working for me last week - I suspect there was an update or
>> > something
>> >
>> > Really frustrating: one of the primary reasons I want to do TLS
>> > intercept is to AV all the viruses published on dropbox!!!
>> >
>> > If the Cloud providers go full pinning, the future of TLS Intercept is
>> > bleak
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > squid-users mailing list
>> > squid-users at lists.squid-cache.org
>> > http://lists.squid-cache.org/listinfo/squid-users
>>
>>
>>
>>
>>
>
>
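
Added example (not part of the thread): a minimal check for the pcap symptom Shane King describes, a plaintext fatal TLS alert sent by the client right after the proxy's Certificate message. The flow format, function names and the alert code in the sample are assumptions; the byte strings are constructed, and each payload is assumed to be TLS bytes following any CONNECT exchange.

```python
import struct
# TLS record types, the Certificate handshake type, and RFC 5246 alert codes.
CCS, ALERT, HANDSHAKE, CERTIFICATE = 20, 21, 22, 11
ALERTS = {40: "handshake_failure", 42: "bad_certificate",
          46: "certificate_unknown", 48: "unknown_ca"}

def records(stream):
    """Yield (content_type, payload) for each complete TLS record."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, pos)
        if pos + 5 + length > len(stream):
            break  # truncated capture: stop rather than guess
        yield ctype, stream[pos + 5:pos + 5 + length]
        pos += 5 + length

def handshake_types(payload):
    """Yield handshake message types in one record (assumes no fragmentation)."""
    pos = 0
    while pos + 4 <= len(payload):
        yield payload[pos]
        pos += 4 + int.from_bytes(payload[pos + 1:pos + 4], "big")

def client_rejected_cert(flow):
    """flow: (direction, bytes) pairs in capture order, "c2s" or "s2c".
    Return the alert name when the client sends a plaintext fatal alert after
    the server's Certificate and before its own ChangeCipherSpec, else None."""
    cert_seen = False
    for direction, data in flow:
        for ctype, payload in records(data):
            if direction == "s2c" and ctype == HANDSHAKE:
                cert_seen |= CERTIFICATE in handshake_types(payload)
            elif direction == "c2s" and ctype == CCS:
                return None  # client accepted the certificate and moved on
            elif direction == "c2s" and ctype == ALERT and cert_seen:
                if len(payload) == 2 and payload[0] == 2:  # level 2 = fatal
                    return ALERTS.get(payload[1], "alert_%d" % payload[1])
    return None

def rec(ctype, body):  # build one TLS 1.2 record for the constructed samples
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body
def hs(htype, body=b""):  # build one handshake message
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

# Constructed flows (not from a real capture): proxy-issued cert rejected vs accepted.
BUMPED = [("c2s", rec(22, hs(1, b"\0" * 40))),
          ("s2c", rec(22, hs(2, b"\0" * 38) + hs(11, b"\0" * 64) + hs(14))),
          ("c2s", rec(21, bytes([2, 48])))]
NORMAL = BUMPED[:2] + [("c2s", rec(22, hs(16, b"\0" * 32)) + rec(20, b"\1"))]
```

A fatal alert at this point shows that the client rejected the presented certificate; it does not by itself distinguish pinning from a client that simply does not trust the proxy CA.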