Re: [squid-users] Skype SSL is incompatible with OpenSSL

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Wed, 07 May 2014 22:07:12 -0600

On 05/07/2014 03:27 PM, Marcus Kool wrote:

> The design of Squid ssl-bump assumes that a CONNECT to a server always
> has an SSL-based communication channel
> and therefore any software that uses non-SSL traffic on port 443 fails
> to work with ssl-bump.

You are right about that assumption, but it is not really a part of the
SslBump design as such. There is just not enough code to handle this
case better.

FWIW, two active Squid projects, non-HTTP bypass and Peek-and-Splice,
are laying the groundwork to give an admin the ability to tunnel
"unwanted" traffic (for various definitions of "unwanted"), but even
after those two projects are completed, more work will be needed to be
able to tunnel non-SSL traffic more-or-less comfortably in the presence
of SslBump. Hopefully, there will be enough interest to get it done.

Cheers,

Alex.
Received on Thu May 08 2014 - 04:07:24 MDT
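
The assumption discussed in this thread, as an added example (not Squid code and not part of the original message): a proxy that inspects the first bytes a client sends inside a CONNECT tunnel can tell an SSL/TLS ClientHello from other traffic before it commits to bumping. The function names, return labels and sample bytes are hypothetical and constructed for illustration.

```python
TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type: ClientHello
MAX_PLAINTEXT = 1 << 14   # largest plaintext record length TLS allows


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'sslv2-hello', 'not-tls' or 'need-more'."""
    if not data:
        return "need-more"
    first = data[0]
    if first == TLS_HANDSHAKE:
        # Record header: type(1) major(1) minor(1) length(2), then handshake type.
        if len(data) < 6:
            return "need-more"
        major, minor = data[1], data[2]
        length = int.from_bytes(data[3:5], "big")
        ok = (major == 3 and minor <= 4
              and 0 < length <= MAX_PLAINTEXT
              and data[5] == CLIENT_HELLO)
        return "tls" if ok else "not-tls"
    if first & 0x80:
        # SSLv2-style hello: 2-byte length with the high bit set,
        # message type 1, then a 2-byte version (0x0002 or 0x03xx).
        if len(data) < 5:
            return "need-more"
        version_ok = (data[3], data[4]) == (0x00, 0x02) or data[3] == 0x03
        return "sslv2-hello" if data[2] == CLIENT_HELLO and version_ok else "not-tls"
    return "not-tls"


def proxy_action(data: bytes) -> str:
    """Hypothetical policy: only SSL/TLS hellos are candidates for bumping."""
    kind = classify_first_bytes(data)
    if kind == "need-more":
        return "read-more"
    return "bump-candidate" if kind in ("tls", "sslv2-hello") else "tunnel-or-deny"


# Constructed samples (not captured from any real client).
SAMPLE_TLS = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"
SAMPLE_SSLV2 = b"\x80\x2e\x01\x00\x02"
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"
SAMPLE_OPAQUE = b"\x5a\xc3\x90\x17\x44\x0b"

if __name__ == "__main__":
    for name in ("SAMPLE_TLS", "SAMPLE_SSLV2", "SAMPLE_HTTP", "SAMPLE_OPAQUE"):
        print(name, "->", proxy_action(globals()[name]))
```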
