[squid-users] Make websockets work without splicing TLS connections

Alex Rousskov rousskov at measurement-factory.com
Tue Jul 3 15:00:46 UTC 2018


On 07/03/2018 06:59 AM, Ahmad, Sarfaraz wrote:
>>> Squid does not understand WebSocket protocol (yet).
> Is supporting Websockets on the roadmap ? 

Yes, we are working on tunneling WebSockets traffic after a successful
HTTP Upgrade exchange with the server (with admin permission, of course).

Alex.



> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
> Sent: Tuesday, July 3, 2018 6:15 PM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Make websockets work without splicing TLS connections
> 
> On 04/07/18 00:19, Ahmad, Sarfaraz wrote:
>> Guys,
>>
>>  
>>
>> Can you think of a way to make websockets work without splicing TLS 
>> connections ?
>>
> 
> Squid does not understand WebSocket protocol (yet). So splicing is the only option once the traffic is already going into the proxy.
> 
> Squid does support enough WebSockets to trigger the HTTP failover mechanism sin WebSockets. But many clients and/or servers apparently do not actually support WebSockets properly and break when that proxy compatibility mechanism is used.
> 
> WebSocket has its own port for native traffic. So letting that through your firewall should theoretically be enough.
> 
> 
> 
>> I don’t think on_unsupported _protocol would work here .// Also would
> 
> It may, but I agree that is not expected. WebSockets uses HTTP-like syntax in its first message to be compatible with HTTPS servers.
> 
> 
>> on_unsupported_protocol work where the remote server abuses 443 for 
>> something other than TLS ?
> 
> It should. Weird non-standard crap abusing port 443 is what that directive was designed to help workaround.
> 
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 



More information about the squid-users mailing list