[squid-users] Skype Issues

Marcus Kool marcus.kool at urlfilterdb.com
Thu Jun 30 13:38:28 UTC 2016



On 06/30/2016 09:10 AM, Amos Jeffries wrote:
...
>   The on_unsupported_protocol directive is about what its name says *any*
> unsupported protocol. Not ICQ specific.
>
> I think the issue here is that Skype looks at the binary level like TLS.
> TLS being a supported protocol if it looks close enough then it would be
> seen as invalid/broken TLS, not some non-TLS.

Applications may use any protocol that they desire to tunnel through a proxy.
They may use TLS+SMTP, TLS+HTTP, TLS+XYZ, RC4+FOO, SSH, VPN, BAR, TXT and
many others.
Since bumping is intended to only interfere with TLS+HTTP, Squid should bump
_only_ TLS+HTTP and not interfere with all other protocols.

Squid 3.5 finally made a lot of progress with bumping TLS+HTTP and the
missing piece to be able to use it in many environments is a
mechanism to deal with all other protocols (non TLS+HTTP).
The first step is to not break applications. The second step is
to have mechanisms to decide what to do with the other
protocols, since most admins want to block SSH and VPN,
while allowing Skype and BAR.

Marcus

> Sory Renato, with that not working I'm not sure where to go next.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>


More information about the squid-users mailing list