[squid-users] Transparent Squid issue with Appstore in MacOS Sierra

Hardik Dangar hardikdangar+squid at gmail.com
Thu Feb 9 14:43:53 UTC 2017 

hey eliezer,

thanks for quick response i am actually using following,

acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/url.nobump"
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all

contents of url.nobump file are,

update\.microsoft\.com$
update\.microsoft\.com\.akadns\.net$
v10\.vortex\-win\.data\.microsoft.com$
settings\-win\.data\.microsoft\.com$
# The next are trusted SKYPE addresses
a\.config\.skype\.com$
pipe\.skype\.com$
w[0-9]+\.web\.whatsapp\.com$
tty\.scaleway\.com$
eaadhaar\.uidai\.gov\.in$
facebook\.com$
opera\.com$
itunes\.apple\.com$


Do i need to do anything additional? or are you suggesting i remove bumping
completely and just use splice feature only.


On Thu, Feb 9, 2017 at 3:52 PM, Eliezer Croitoru <eliezer at ngtech.co.il>
wrote:

> Thanks for sharing the details.
>
> But you didn’t answered if you tried slice with ssl bump.
>
> Let me know if you have tried it.
>
>
>
> Eliezer
>
>
>
> ----
>
> Eliezer Croitoru <http://ngtech.co.il/lmgtfy/>
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
>
>
>
> *From:* hardikdangar at gmail.com [mailto:hardikdangar at gmail.com] *On Behalf
> Of *Hardik Dangar
> *Sent:* Wednesday, February 8, 2017 10:17 PM
> *To:* Eliezer Croitoru <eliezer at ngtech.co.il>
> *Cc:* Squid Users <squid-users at lists.squid-cache.org>
> *Subject:* Re: [squid-users] Transparent Squid issue with Appstore in
> MacOS Sierra
>
>
>
> I am using following command,
>
>
>
> i am converting pem file into cer using openssl and then putting that file
> using this command into keychain.
>
> sudo security add-trusted-cert -d -r trustRoot -k
> "/Library/Keychains/System.keychain" "~/mycert.cer"
>
>
>
> On Wed, Feb 8, 2017 at 9:36 PM, Eliezer Croitoru <eliezer at ngtech.co.il>
> wrote:
>
> Can you give me\us a link to instructions how you have installed the
> certificate on MAC OS?
> I know how to do it on Windows and Linux but not MAC OS.
>
> Also, have you tried using peek and splice? From your email it seems you
> have not tried to use these.(If you need instructions I would be happy to
> share what I am using for windows updates and it can be adapted to
> appstore).
>
> Thanks,
> Eliezer
>
> ----
> http://ngtech.co.il/lmgtfy/
> Linux System Administrator
> Mobile: +972-5-28704261
> Email: eliezer at ngtech.co.il
>
>
> From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On
> Behalf Of Hardik Dangar
> Sent: Tuesday, February 7, 2017 9:06 PM
> To: Squid Users <squid-users at lists.squid-cache.org>
> Subject: [squid-users] Transparent Squid issue with Appstore in MacOS
> Sierra
>
>
> Hello,
>
>
> Here is some information about my squid version,
>
> Squid Cache: Version 3.5.23
> Service Name: squid
> configure options:  '--prefix=/usr' '--localstatedir=/var/squid'
> '--libexecdir=/lib/squid' '--srcdir=.' '--datadir=/share/squid'
> '--sysconfdir=/etc/squid' '--with-default-user=proxy'
> '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid'
> '--with-openssl' '--enable-ssl-crtd' '--enable-inline'
> '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock'
> '--enable-removal-policies=lru,heap' '--enable-delay-pools'
> '--enable-follow-x-forwarded-for' '--enable-url-rewrite-helpers=fake'
> '--enable-ecap'
>
>
> We are running squid as transparent proxy and have certs installed in all
> systems. Until recently all our systems were ubuntu or windows. Recently we
> added mac os Seirra and the biggest issue we had with mac is even after
> installing certificates. Few apps have problems.
>
> Our biggest problem is Itunes Store. It just doesn't work for some reason.
> if we check the log we get random ip's trying to connect via 443 port but
> it doesn't connect.
> Also Skype for Mac does not work. strangely this works for windows and
> ubuntu in our network. Again we see the same behavior.
>
> both of these apps does not work even in Iphone and Ipad.
>
> I believe someone must be able to configure transparent squid with Mac.
> can anyone tell me if i need to do anything extra for Mac setup.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170209/378c1fe0/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 11297 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170209/378c1fe0/attachment-0001.png>

More information about the squid-users mailing list