[squid-users] Make websockets work without splicing TLS connections
Alex Rousskov
rousskov at measurement-factory.com
Tue Jul 3 15:00:46 UTC 2018
On 07/03/2018 06:59 AM, Ahmad, Sarfaraz wrote:
>>> Squid does not understand WebSocket protocol (yet).
> Is supporting Websockets on the roadmap ?
Yes, we are working on tunneling WebSockets traffic after a successful
HTTP Upgrade exchange with the server (with admin permission, of course).
Alex.
> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
> Sent: Tuesday, July 3, 2018 6:15 PM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] Make websockets work without splicing TLS connections
>
> On 04/07/18 00:19, Ahmad, Sarfaraz wrote:
>> Guys,
>>
>>
>>
>> Can you think of a way to make websockets work without splicing TLS
>> connections ?
>>
>
> Squid does not understand WebSocket protocol (yet). So splicing is the only option once the traffic is already going into the proxy.
>
> Squid does support enough WebSockets to trigger the HTTP failover mechanism sin WebSockets. But many clients and/or servers apparently do not actually support WebSockets properly and break when that proxy compatibility mechanism is used.
>
> WebSocket has its own port for native traffic. So letting that through your firewall should theoretically be enough.
>
>
>
>> I don’t think on_unsupported _protocol would work here .// Also would
>
> It may, but I agree that is not expected. WebSockets uses HTTP-like syntax in its first message to be compatible with HTTPS servers.
>
>
>> on_unsupported_protocol work where the remote server abuses 443 for
>> something other than TLS ?
>
> It should. Weird non-standard crap abusing port 443 is what that directive was designed to help workaround.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list