[squid-users] Yet another new cipher?
James Lay
jlay at slave-tothe-box.net
Thu Jun 30 13:18:54 UTC 2016
On Fri, 2016-07-01 at 01:04 +1200, Amos Jeffries wrote:
> On 1/07/2016 12:43 a.m., James Lay wrote:
> >
> > On Wed, 2016-06-29 at 19:33 -0600, James Lay wrote:
> > >
> > > Yugh...starting around 10:00 facebook no longer works via
> > > peek/splice. pcap contents show:
> > >
> > > 1QTV01...CHLO....SNI.....VERS....scontent.xx.fbcdn.netQTV1
> > >
> > > after the threeway handshake and an instant reset. Anyone know
> > > what
> > > this is? Cause I haven't a clue....screenshot of success after
> > > bypassing included. Thank you.
> > >
> > I guess I should also say that this is from the official Facebook
> > app
> > on Android...just updated on Tuesday.
> FWIW: I identified the last one from your posted wireshark details.
> Looking at the "Unknown Ciphers:" list and looking up the hex codes
> listed there in the IANA registry.
>
> The details posted so far about this issue tells me nothing except
> that
> FB suddenly stopped working.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
That's fair...I'm including a successful handshake...wireshark just
sees this as data. Thanks Amos!
James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160630/44121d07/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 192.168.1.101-stream5.pcapng
Type: application/x-pcapng
Size: 34000 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160630/44121d07/attachment-0001.bin>
More information about the squid-users
mailing list