[squid-users] Squid works with ssl bump in intercept mode and root certificate in browser, but apps does not work
squid3 at treenet.co.nz
Thu May 18 11:18:00 UTC 2017
On 18/05/17 22:59, Marcus Kool wrote:
> You have not stated which version of Squid you are using but my guess
> is that it is 3.5.x.
> facebook app and other apps use port 443 but do not use HTTPS and
> therefore Squid does not how to bump it and consequently the app does
> not work.
> What you need is the not yet stable Squid 4.0 and use the option
> on_unsupported_protocol tunnel all
> so that the non-HTTPS protocols get through without being bumped.
Also apps are more likely to have certificate pinning in operation since
the domains they need to contact is much smaller than a general-use
browser. If that is done the traffic cannot be bump'ed (only peek,
stare, splice or terminate work).
More information about the squid-users