I have seen this issue on 3.1.x and cannot find anything in the Changelog
that indicates that this issue is resolved in 3.3.
What I observed in 3.1 is that sslbump assumes that all
CONNECTs are used for SSL-wrapped HTTP traffic and lets
all applications that use port 443 for other protocols hang
when the SSL handshake fails.
Marcus
On 11/27/2012 11:48 AM, Eliezer Croitoru wrote:
> if it's linux machine try to use firewall rules to block all traffic with TCP-RESET except dst port 80 and 443.
>
> This will close some of the things for you.
> but 3.head 1408 it's kind of old.
> you can try the latest 3.3.0.1 beta which have pretty good chance of to solve it by the new features.
>
> Regards,
> Eliezer
>
>
> On 11/27/2012 3:19 PM, Sean Boran wrote:
>> Typically one wishes to block Skype, but I'd like to enable it :-)
>>
>> Looking at the access.log, the following domains were excluded from ssl bump:
>> .skype.com
>> .skypeassets.com
>> skype.tt.omtrdc.net
>>
>> But skype still tried for ages to login and never succeeds.
>> In skype, despite have configure a proxy, it still tries to do lots of
>> direct connections too.
>> I did find a skype admin guide, but nothing useful on how to debug
>> that opaque tool's traffic..
>> https://support.skype.com/resources/sites/SKYPE/content/live/DOCUMENTS/0/DO5/en_US/skype-it-administrators-guide.pdf
>>
>> Running 3.HEAD-20120814-r12282.
>>
>> Any tips?
>>
>> Sean
>>
>
Received on Tue Nov 27 2012 - 22:32:39 MST
This archive was generated by hypermail 2.2.0 : Wed Nov 28 2012 - 12:00:05 MST