[squid-users] (SQUID 4.11) SSl_bump Fails on IOS and Android devices

Amos Jeffries squid3 at treenet.co.nz
Mon May 11 00:59:01 UTC 2020


On 11/05/20 8:26 am, Allan Raymond Ignacio wrote:
> I have compiled and installed SQUID_4.11-3 with SSL, CRTD on debian10
> and here is my configuration - 
> 
> 
...
> 
> ### I can browse https on laptops BUT when I used IOS devices or
> android, I get errors with this -
> 
> 
> 1589083941.053      1 192.168.10.15 NONE_ABORTED/200 0 CONNECT 157.240.18.35:443 - HIER_NONE/- -
> 

The client is disconnecting during the TLS handshake. Worth looking into
the TLS traffic to see what is going on, but expect good chances that
cert pinning or TLS/1.3 is being used here.


> 
> If anyone can point to me what's wrong with my squid.conf configuration
> or can provide me with a working squid.conf for ssl_bump, I will be
> indebted to you. 
> 

Looks like a reasonable config to me.

An always-working config is not possible at this time. TLS is still a
volatile environment and the SSL-Bump features are constantly undergoing
improvements. While some of its behaviours are gaining stability, the
SSL-Bump feature overall is still experimental.

Amos
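
To see which clients and destinations drop the connection during the handshake, access.log entries like the one quoted in the thread can be summarised before capturing TLS traffic. The script below is an added example, not part of the original message and not Squid's own code; it assumes Squid's native access.log format, its function names are hypothetical, and every sample line except the first (taken from the thread) is constructed.

```python
from collections import Counter

# Constructed sample in Squid's native access.log format; the first line is
# the one quoted in the thread, the others are made up for illustration.
SAMPLE_LOG = """\
1589083941.053      1 192.168.10.15 NONE_ABORTED/200 0 CONNECT 157.240.18.35:443 - HIER_NONE/- -
1589083942.310      2 192.168.10.15 NONE_ABORTED/200 0 CONNECT 157.240.18.35:443 - HIER_NONE/- -
1589083950.771    412 192.168.10.20 TCP_TUNNEL/200 5120 CONNECT 203.0.113.7:443 - ORIGINAL_DST/203.0.113.7 -
1589083951.004      1 192.168.10.16 NONE_ABORTED/200 0 CONNECT 198.51.100.9:443 - HIER_NONE/- -
1589083960.118     95 192.168.10.20 TCP_MISS/200 1834 GET https://example.test/ - ORIGINAL_DST/203.0.113.7 text/html
"""

def parse_line(line):
    """Split one native-format access.log line into named fields, or None."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        ts, elapsed, size = float(parts[0]), int(parts[1]), int(parts[4])
    except ValueError:
        return None
    code, _, status = parts[3].partition("/")
    return {"time": ts, "elapsed_ms": elapsed, "client": parts[2],
            "code": code, "status": status, "bytes": size,
            "method": parts[5], "target": parts[6]}

def aborted_connects(log_text):
    """Count CONNECTs the client dropped before any data was relayed."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or malformed lines
        if (rec["method"] == "CONNECT" and rec["bytes"] == 0
                and rec["code"].endswith("_ABORTED")):
            hits[(rec["client"], rec["target"])] += 1
    return hits

def report(log_text):
    """Return (client, target, count) rows, most frequent first."""
    rows = [(c, t, n) for (c, t), n in aborted_connects(log_text).items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    for client, target, count in report(SAMPLE_LOG):
        print(f"{count:4d}  {client:15s}  {target}")
```

Destinations that recur only for the mobile clients are the ones worth inspecting in a packet capture.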

