[squid-users] Squid Peek/Splice some issues

--Ahmad-- ahmed.zaeem at netstream.ps
Tue Jun 21 12:18:34 UTC 2016


Dear Amos & eliezer

all i need right now is just having it work , since Iā€™m not interested in caching and i can accept the low security affect .

can i keep on squid 3.5 and  do the idea of eliezer  that is ā€œ"bypassing squid SSL unwrapping.ā€ā€ ??


thank you 


> On Jun 21, 2016, at 11:31 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
> On 21/06/2016 9:43 a.m., --Ahmad-- wrote:
>> Hi ,
>> i have squid that is working on 3.5 .
>> traffic of t 80 and 443 traffic to Squid via IPTables.
>> 
>> Squid then passes traffic to ClamAV via C-ICAP. Squid is configured to intercept all SSL traffic and PKI has been setup and distributed to all clients.
>> 
>> we have a problem in  Skype of Business (Office 365) and Slack (Chat app)  seems its broken from squid intercept.
> 
> * Skype uses a protocol which appears very much ike TLS/SSL. But is not.
> So it usually breaks when treated as TLS.
> 
> * Office 365 uses a non-HTTP protocol (RTP, RPC) inside its TLS. So
> Squid cannot SSL-Bump it.
> 
> * I imagine that Slack probably does not use HTTPS as well, but some
> other chat protocol.
> 
> For all of the above you will probably need the on_unsupported_protocol
> feature in Squid-4.
> 
> Amos
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160621/dfbdedaf/attachment.html>


More information about the squid-users mailing list