<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Hello Yuri,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Luckily the same topic was just discussed on our forum – please see if this can help
<a href="https://groups.google.com/d/msg/quintolabs-content-security-for-squid-proxy/GKIV3FpYSBE/9IET-4hg_tEJ">
https://groups.google.com/d/msg/quintolabs-content-security-for-squid-proxy/GKIV3FpYSBE/9IET-4hg_tEJ</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">It describes the iptables settings for successful SSL bump exclusions for Dropbox clients / Google Drive / iTunes (bypassing SSL Bump because of SSL Pinning).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Raf<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> squid-users [mailto:squid-users-bounces@lists.squid-cache.org]
<b>On Behalf Of </b>Rafael Akchurin<br>
<b>Sent:</b> Tuesday, December 30, 2014 4:23 PM<br>
<b>To:</b> Yuri Voinov; squid-users@lists.squid-cache.org<br>
<b>Subject:</b> Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div id="divtagdefaultwrapper">
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">Only exclusion from SSL Bump as far as I know.<o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">raf<o:p></o:p></span></p>
<div>
<div class="MsoNormal" align="center" style="text-align:center;background:white">
<span style="font-family:"Calibri",sans-serif;color:#212121">
<hr size="3" width="98%" align="center">
</span></div>
<div id="divRplyFwdMsg">
<p class="MsoNormal" style="background:white"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Yuri Voinov <<a href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a>><br>
<b>Sent:</b> Tuesday, December 30, 2014 3:19 PM<br>
<b>To:</b> Rafael Akchurin; <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<b>Subject:</b> Re: [squid-users] Squid 3 SSL bump: Google drive application could not connect</span><span style="font-family:"Calibri",sans-serif;color:#212121">
<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121"> <o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121"><br>
Maybe.<br>
<br>
Does a workaround exist?<br>
<br>
30.12.2014 20:09, Rafael Akchurin wrote:<br>
> SSL Pinning? (I know Dropbox does this)<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> my two cents only :)<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> Raf<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> ________________________________________<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> From: squid-users <a href="mailto:squid-users-bounces@lists.squid-cache.org">&lt;squid-users-bounces@lists.squid-cache.org&gt;</a> on behalf of Yuri Voinov <a href="mailto:yvoinov@gmail.com">&lt;yvoinov@gmail.com&gt;</a><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> Sent: Tuesday, December 30, 2014 2:12 PM<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> To: <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> Subject: [squid-users] Squid 3 SSL bump: Google drive application could not connect<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> Hi gents,<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> I found a strange issue.<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> Squid 3.4.10. Intercept. HTTPS bumping. All works fine. All configs correct.<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> Whenever all web https sites work perfectly - especially in Chrome,<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> most cloud clients work like a charm (SpiderOak is!), Google Drive client<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> application (PC) could not work.<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> Note: Web Google Docs works. Web Google drive works.<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> Note: Google support info - even if I pass a dozen Google URLs without<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> bump - cannot help. It doesn't work when server-first bumping is on and<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> works otherwise.<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> So, the Serious Question is: Why? :)<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> Any idea?<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> _______________________________________________<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> squid-users mailing list<br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<br>
<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Calibri",sans-serif;color:#212121">> <a href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
<br>
<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</body>
</html>