[squid-users] sslBump adventures in enterprise production environment

Yuri Voinov yvoinov at gmail.com
Mon Nov 16 09:21:44 UTC 2015



16.11.15 12:00, Eugene M. Zheganin wrote:
> Hi.
>
> On 16.11.2015 00:14, Yuri Voinov wrote:
>
>> It's common knowledge. Squid is unable to pass an unknown protocol on
>> the standard port. Consequently, the ability to proxy this protocol does
>> not exist.
>>
>> If it was simply a tunneling ... It is not https. And not just
>> HTTP-over-443. This is more complicated and very marginal protocol.
>>
> I'm really sorry to tell you that, but you are perfectly wrong. These
> non-HTTPS tunnels have been working for years. And this isn't HTTPS
> because of:
Eugene, you don't understand me. I said that this is
non-HTTPS over port 443. And this is well-known information.

The problem is: now Squid doesn't know how to operate these tunnels.
>
> # openssl s_client -connect login.icq.com:443
> CONNECTED(00000003)
> 34379270680:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 297 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
>
> Eugene.