[squid-users] (SQUID 4.11) SSl_bump Fails on IOS and Android devices
Amos Jeffries
squid3 at treenet.co.nz
Mon May 11 00:59:01 UTC 2020
On 11/05/20 8:26 am, Allan Raymond Ignacio wrote:
> I have compiled and installed SQUID_4.11-3 with SSL, CRTD on debian10
> and here is my configuration -
>
>
...
>
> ### I can browse https on laptops BUT when I used IOS devices or
> android, I get errors with this -
>
>
> 1589083941.053 1 192.168.10.15 NONE_ABORTED/200 0 CONNECT 157.240.18.35:443 - HIER_NONE/- -
>
The client is disconnecting during the TLS handshake. Worth looking into
the TLS traffic to see what is going on, but expect good chances that
cert pinning or TLS/1.3 is being used here.
>
> If anyone can point to me what's wrong with my squid.conf configuration
> or can provide me with a working squid.conf for ssl_bump, I will be
> indebted to you.
>
Looks like a reasonable config to me.
An always-working config is not possible at this time. TLS is still a
volatile environment and the SSL-Bump features are constantly undergoing
improvements. While some of its behaviours are gaining stability, the
SSL-Bump feature overall is still experimental.
Amos
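
To see which clients and destinations produce the log pattern discussed in the reply above, the following added example (not part of the thread and not Squid project code) tallies zero-byte `NONE_ABORTED` CONNECT entries per client and target. It assumes Squid's default native access.log format; the function names and all sample lines except the first are constructed for illustration.

```python
from collections import Counter

# Constructed sample in Squid's default native access.log format. The first
# entry is the one quoted in the thread; the rest are made up for contrast.
SAMPLE_LOG = """\
1589083941.053      1 192.168.10.15 NONE_ABORTED/200 0 CONNECT 157.240.18.35:443 - HIER_NONE/- -
1589083941.900      2 192.168.10.15 NONE_ABORTED/200 0 CONNECT 157.240.18.35:443 - HIER_NONE/- -
1589083950.120    310 192.168.10.20 TCP_TUNNEL/200 5120 CONNECT 192.0.2.10:443 - HIER_DIRECT/192.0.2.10 -
1589083951.400     95 192.168.10.20 TCP_MISS/200 2048 GET https://example.test/ - HIER_DIRECT/192.0.2.10 text/html
malformed line
"""

def parse_line(line):
    """Split one native-format entry into a dict, or return None if malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        ts = float(f[0])
        size = int(f[4])
    except ValueError:
        return None
    code, _, status = f[3].partition("/")
    return {"time": ts, "client": f[2], "code": code, "status": status,
            "bytes": size, "method": f[5], "target": f[6], "hier": f[8]}

def aborted_handshakes(lines):
    """Count CONNECTs that ended with no bytes sent and no upstream hop."""
    hits = Counter()
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue  # skip truncated or non-native lines
        if (e["method"] == "CONNECT" and e["code"] == "NONE_ABORTED"
                and e["bytes"] == 0 and e["hier"].startswith("HIER_NONE")):
            hits[(e["client"], e["target"])] += 1
    return hits

def report(lines):
    """Return one row per (client, target), most frequent first."""
    return [f"{n:4d}  {client} -> {target}"
            for (client, target), n in aborted_handshakes(lines).most_common()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG.splitlines())))
```

A destination that only ever appears in this tally for mobile clients is a candidate for the packet capture suggested above; the count by itself does not say why the client disconnected.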