[squid-users] Squid works with ssl bump in intercept mode and root certificate in browser, but apps does not work

Amos Jeffries squid3 at treenet.co.nz
Thu May 18 11:18:00 UTC 2017


On 18/05/17 22:59, Marcus Kool wrote:
> You have not stated which version of Squid you are using but my guess 
> is that it is 3.5.x.
>
> facebook app and other apps use port 443 but do not use HTTPS and 
> therefore Squid does not how to bump it and consequently the app does 
> not work.
>
> What you need is the not yet stable Squid 4.0 and use the option
>    on_unsupported_protocol tunnel all
> so that the non-HTTPS protocols get through without being bumped.

Also apps are more likely to have certificate pinning in operation since 
the domains they need to contact is much smaller than a general-use 
browser. If that is done the traffic cannot be bump'ed (only peek, 
stare, splice or terminate work).

Amos



More information about the squid-users mailing list