[squid-users] Squid works with ssl bump in intercept mode and root certificate in browser, but apps does not work

Alex Rousskov rousskov at measurement-factory.com
Thu May 18 16:15:59 UTC 2017


On 05/18/2017 06:46 AM, arun.xavier wrote:

> is it possible to configure squid to peek/splice pinned requests? 

It is impossible. The TLS client decides which certificates are pinned
to which servers. Squid cannot know that because the client commitment
to pin is not expressed in the TLS protocol.

That said, please do pay attention to Yuri's response quoted below. Yuri
has identified your immediate problem, which is _not_ pinning.

Alex.

> On 05/18/2017 07:55 AM, Yuri wrote:
>> The issue is crystal:
>> 
>> tlsv1 alert unknown ca
>> 
>> Check you configured CA bundle available for squid.


