[squid-users] Squid Peek/Splice some issues
ahmed.zaeem at netstream.ps
Tue Jun 21 12:18:34 UTC 2016
Dear Amos & eliezer
all i need right now is just having it work , since I’m not interested in caching and i can accept the low security affect .
can i keep on squid 3.5 and do the idea of eliezer that is “"bypassing squid SSL unwrapping.”” ??
> On Jun 21, 2016, at 11:31 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 21/06/2016 9:43 a.m., --Ahmad-- wrote:
>> Hi ,
>> i have squid that is working on 3.5 .
>> traffic of t 80 and 443 traffic to Squid via IPTables.
>> Squid then passes traffic to ClamAV via C-ICAP. Squid is configured to intercept all SSL traffic and PKI has been setup and distributed to all clients.
>> we have a problem in Skype of Business (Office 365) and Slack (Chat app) seems its broken from squid intercept.
> * Skype uses a protocol which appears very much ike TLS/SSL. But is not.
> So it usually breaks when treated as TLS.
> * Office 365 uses a non-HTTP protocol (RTP, RPC) inside its TLS. So
> Squid cannot SSL-Bump it.
> * I imagine that Slack probably does not use HTTPS as well, but some
> other chat protocol.
> For all of the above you will probably need the on_unsupported_protocol
> feature in Squid-4.
> squid-users mailing list
> squid-users at lists.squid-cache.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the squid-users