[squid-users] Squid Peek/Splice some issues

Amos Jeffries squid3 at treenet.co.nz
Tue Jun 21 08:31:00 UTC 2016


On 21/06/2016 9:43 a.m., --Ahmad-- wrote:
> Hi ,
> i have squid that is working on 3.5 .
> traffic of t 80 and 443 traffic to Squid via IPTables.
> 
> Squid then passes traffic to ClamAV via C-ICAP. Squid is configured to intercept all SSL traffic and PKI has been setup and distributed to all clients.
> 
> we have a problem in  Skype of Business (Office 365) and Slack (Chat app)  seems its broken from squid intercept.

* Skype uses a protocol which appears very much ike TLS/SSL. But is not.
So it usually breaks when treated as TLS.

* Office 365 uses a non-HTTP protocol (RTP, RPC) inside its TLS. So
Squid cannot SSL-Bump it.

* I imagine that Slack probably does not use HTTPS as well, but some
other chat protocol.

For all of the above you will probably need the on_unsupported_protocol
feature in Squid-4.

Amos



More information about the squid-users mailing list