[squid-users] Squid and DoT

Alex Rousskov rousskov at measurement-factory.com
Thu Jan 27 17:51:36 UTC 2022


On 1/27/22 12:32 PM, clark_wfh at hotmail.com wrote:
> Can squid bump TLS connections for DNS over TLS? I tried TLS
> interception passively and redirected port 853 to the proxy port. It
> looks like squid receives the connection but cannot forward it. I think
> this could be due to lack of headers, at least there was some related
> error. Should squid work in theory with DoT?

When decrypting intercepted TLS, SslBump expects to find HTTP, not DNS
messages. Squid can decrypt DoT but, if you are lucky, will treat what
is inside according to the on_unsupported_protocol settings.

Squid can be enhanced to recognize DNS messages inside DoT connections,
but I doubt it should be.


HTH,

Alex.
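As an added illustration of the on_unsupported_protocol point above (example configuration written for this thread, not taken from Alex's message or from the Squid project), a squid.conf fragment for the intercepted port-853 setup described in the question; the listening port 3130, the CA path and the ACL names are assumptions:

```conf
# Assumed: the firewall already redirects tcp/853 to 3130 and the bumping CA
# lives at /etc/squid/bump-ca.pem (both placeholders).
https_port 3130 intercept ssl-bump tls-cert=/etc/squid/bump-ca.pem

# In interception mode, localport is the port the client originally dialled.
acl DoTPort localport 853
acl step1 at_step SslBump1

# Peek at the ClientHello first so the SNI is available for logging and ACLs.
ssl_bump peek step1

# Option A (no decryption): pass DoT through untouched. Squid never sees the
# DNS, so on_unsupported_protocol is never consulted for these connections.
ssl_bump splice DoTPort
ssl_bump bump all

# Option B (if DoT is bumped anyway): after decryption Squid finds DNS, not
# HTTP. The default "respond" answers with an HTTP error and the client's
# resolver fails; "tunnel" relays the bytes instead.
on_unsupported_protocol tunnel DoTPort
on_unsupported_protocol respond all
```

With option A in place the option B lines are inert; they only matter for a configuration that removes the splice rule and bumps port 853.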

