[squid-dev] [RFC] "Splicing" bumped requests to resolve\workaround WebSockets issues.
Alex Rousskov
rousskov at measurement-factory.com
Sun Jul 17 19:38:43 UTC 2016

On 07/15/2016 04:29 AM, Eliezer Croitoru wrote:
> The issue:
>
> Clients are issuing secured connections which contain WebSockets
> internally and squid HTTP parsing breaks these connections.
>
> Another related issue which deserves attention:
>
> Certificate pinning and connection breakage.
>
> Currently we cannot determine for many connections what is the "issue",
> is it the bumping itself or the breakage of a WebSocket http connection.
>
> An acceptable solution:
>
> Alex mentioned the option to splice a bumped connection.
>
> I do not know exactly what Alex meant since not many details were presented.

I do not know exactly what Alex meant either since you provided no
source for that alleged Alex' opinion.

> As I understand, it would not be possible to do this kind of splice
> without bumping first.

I recommend avoiding "splice after bump" terminology because, in SslBump
context implied by the word "bump", that combination makes no sense: It
is not possible to splice bumped connections.

I suggest using "tunnel after bump" instead. Please note that "tunnel"
(not "splice") is one of the on_unsupported_protocol actions.

HTH,
Alex.