[squid-users] Skype bypass using ssl_bump peek
Yu-Hsuan Liao
windflower1201 at gmail.com
Fri Dec 12 09:31:02 UTC 2014
Hello everyone,
I'm trying to use Squid 3.5's new peek-and-splice feature to bypass
Skype connections.
I'm a little confused about the ssl_bump steps;
the wiki says that:
peek Receive client (step SslBump1) or server (step SslBump2)
certificate while preserving the possibility of splicing the
connection.
My question is: does ssl_bump make the decision to bump or splice the
connection when Squid gets the ServerHello message?
I ask because I found that a Skype voice connection starts with:
1. the client sends ClientHello
2. the server sends ServerHello
and then the Skype data payload transmission begins (non-SSL format, not
the rest of the SSL handshake),
so I still get the "Error negotiating SSL connection on FD"
message in cache.log.
Does the peek-and-splice function cover the above situation, or do I just
misunderstand the usage of ssl_bump peek?
My Squid version is 3.5.0.3.
My squid.config setting is:
acl skype_list dstdomain "skype_list"
ssl_bump peek skype_list
ssl_bump stare all
Thanks.
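
The situation described in the post (a ServerHello followed by bytes that are not TLS records) can be confirmed from a capture of the server-to-client byte stream by walking the TLS record layer. This is an added example, not part of the original post and not Squid code; the function names are hypothetical and the sample streams are constructed, with zero-filled placeholder message bodies.

```python
import struct

CONTENT_TYPES = {20, 21, 22, 23, 24}  # ccs, alert, handshake, app data, heartbeat
HANDSHAKE_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 14: "ServerHelloDone"}
MAX_RECORD_LEN = 2**14 + 2048  # largest ciphertext fragment TLS 1.2 allows

def walk_records(stream: bytes):
    """Return (labels, offset): one label per complete TLS record, and the
    offset of the first byte that could not be parsed as a TLS record."""
    records, pos, encrypted = [], 0, False
    while pos + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in CONTENT_TYPES or major != 3 or minor > 4 or length > MAX_RECORD_LEN:
            break  # header is not a plausible TLS record header
        body = stream[pos + 5 : pos + 5 + length]
        if len(body) < length:
            break  # truncated capture: stop without guessing
        if ctype == 20:
            encrypted = True  # after ChangeCipherSpec, handshake bodies are opaque
        if ctype == 22 and body and not encrypted:
            records.append(HANDSHAKE_NAMES.get(body[0], "handshake"))
        else:
            records.append("record type %d" % ctype)
        pos += 5 + length
    return records, pos

def classify(server_stream: bytes) -> str:
    """Say whether the whole stream is TLS framing, and if not, where it stops."""
    records, pos = walk_records(server_stream)
    if pos == len(server_stream):
        return "tls"
    if records and records[-1] == "ServerHello":
        return "non-tls after ServerHello at offset %d" % pos
    return "non-tls at offset %d" % pos

def record(ctype, body, version=b"\x03\x01"):
    return bytes([ctype]) + version + struct.pack("!H", len(body)) + body

def handshake(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample streams: correct framing, placeholder contents.
SERVER_HELLO = record(22, handshake(2, bytes(38)))
NORMAL = SERVER_HELLO + record(22, handshake(11, bytes(64))) + record(22, handshake(14, b""))
SKYPE_LIKE = SERVER_HELLO + bytes.fromhex("8f0241d3a07c55e19b")  # non-TLS payload bytes

if __name__ == "__main__":
    print("normal handshake:", classify(NORMAL))
    print("skype-like flow: ", classify(SKYPE_LIKE))
```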