<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="GENERATOR" content="GtkHTML/4.8.5">
</head>
<body>
<br>
<blockquote type="CITE">On 8/07/2015 1:57 a.m., Jasper Van Der Westhuizen wrote:<br>
> Hi list<br>
> <br>
> I have a problem with Windows 10 updates. It seems that Microsoft will do updates via https now.<br>
> <br>
> --cut--<br>
> 1436268325.765 5294 xxx.xxx.xxx.xxx TCP_REFRESH_UNMODIFIED/206 9899569 GET <a href="http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0cbda2af-bf7d-4408-8a17-d305e378c8e5?">
http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0cbda2af-bf7d-4408-8a17-d305e378c8e5?</a> - HIER_<a href="http://DIRECT/165.165.47.19">DIRECT/165.165.47.19</a>
application/octet-stream<br>
> 1436268333.267 7484 xxx.xxx.xxx.xxx TCP_REFRESH_UNMODIFIED/206 21564261 GET <a href="http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0cbda2af-bf7d-4408-8a17-d305e378c8e5?">
http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0cbda2af-bf7d-4408-8a17-d305e378c8e5?</a> - HIER_<a href="http://DIRECT/165.165.47.19">DIRECT/165.165.47.19</a>
application/octet-stream<br>
> 1436268430.871 147280 xxx.xxx.xxx.xxx TCP_TUNNEL/200 4267 CONNECT cp201-prod.do.dsp.mp.microsoft.com:443 - HIER_<a href="http://DIRECT/23.214.151.174">DIRECT/23.214.151.174</a>
-<br>
> 1436268478.259 96621 xxx.xxx.xxx.xxx TCP_TUNNEL/200 5705 CONNECT array204-prod.do.dsp.mp.microsoft.com:443 - HIER_<a href="http://DIRECT/64.4.54.117">DIRECT/64.4.54.117</a>
-<br>
> 1436268786.878 78517 xxx.xxx.xxx.xxx TCP_TUNNEL/200 5705 CONNECT array204-prod.do.dsp.mp.microsoft.com:443 - HIER_<a href="http://DIRECT/64.4.54.117">DIRECT/64.4.54.117</a>
-<br>
> --cut--<br>
> <br>
> To my knowledge there is no way to cache this.<br>
<br>
Technically yes, there is no way to cache it without breaking into the<br>
HTTPS.<br>
<br>
> How would one handle this? Is it even possible to cache the updates?<br>
> <br>
<br>
SSL-Bump is the Squid feature for accessing HTTPS data in decrypted form<br>
for filtering and/or caching.<br>
<br>
However, that will depend on;<br>
a) being able to "bump" the crypto (if the WU app is validating server<br>
cert against a known signature its not),<br>
b) the content inside actually being HTTPS (they do updates via P2P now<br>
too), and<br>
c) the HTTP content inside being cacheable (no guarantees, but a good<br>
chance its about as cacheable as non-encrypted updates).<br>
<br>
You are the first to mention it, so there is no existing info on those<br>
requirements.<br>
<br>
Amos<br>
<br>
_______________________________<br>
</blockquote>
Thank you Amos. <br>
<br>
Like in Windows 8.1, these updates are HUGE. I will keep an eye on developments. Microsoft really makes things difficult. For now we will be shaping the bandwidth on the network layer.<br>
<br>
Kind Regards<br>
Jasper<br>
<br>
<br>
<br>
<br>
<mc type="body"><br>
<br>
<font face="Arial;" size="1">Disclaimer:<br>
<a href="http://www.shopriteholdings.co.za/Pages/ShopriteE-mailDisclaimer.aspx" target="_blank">http://www.shopriteholdings.co.za/Pages/ShopriteE-mailDisclaimer.aspx</a>
</font>
</body>
</html>