[squid-users] Squid SSL Intercept have issues apps on iOS
prashantbhosale
bhoslepu at gmail.com
Tue Apr 11 11:38:16 UTC 2017
I was trying to setup Squid transparent SSLBump and its working. But it
giving problem for Apple apps.
According to threads on mailing list excluded domains (.apple.com
.icloud.com .mzstatic.com .akamaihd.net .dropbox.com) then App Store works
(browsing apps, searching apps) but app installation(from App store) fails
with below squid access log:
1491910115.715 51 10.99.1.1 TAG_NONE/200 0 CONNECT 17.154.66.226:443 -
ORIGINAL_DST/17.154.66.226 -
1491910116.537 52 10.99.1.1 TAG_NONE/200 0 CONNECT 17.154.66.74:443 -
ORIGINAL_DST/17.154.66.74 -
Same issue is happening with Dropbox also, Dropbox app not syncing with
server.
Conf:
http_port 3128 intercept ssl-bump \
cert=/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
acl local-servers dstdomain "/etc/squid/allowed.txt"
ssl_bump peek step1
ssl_bump splice local-servers
ssl_bump bump all
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
Is anybody has working conf for sslbump with exclude the HTTP Public Key
Pinning (HPKP) mechanism.
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-SSL-Intercept-have-issues-apps-on-iOS-tp4682052.html
Sent from the Squid - Users mailing list archive at Nabble.com.
More information about the squid-users
mailing list