Re: [squid-users] Splice using SubjectCN/SAN from remote server certificate
On 06/25/2018 11:42 PM, Ahmad, Sarfaraz wrote: > we cannot look at the SubjectCN/SAN in the remote server certificate > and then decide whether we want to splice or bump. (peeking at step > 2 really restricts our options) Is my understanding correct ? Or is > there a way to accomplish this ? In some rare cases, it is possible to peek at the server and then bump the connections: For that to work, Squid must fool OpenSSL into believing that OpenSSL generated the forwarded ClientHello message. This requires adjusting internal OpenSSL state. That adjustment is possible for some OpenSSL versions. Relying on this trick is unsafe because the server may use a cipher (or another TLS feature) that Squid does not actually support, precluding bumping. In most modern scenarios, the adjustment is either impossible or unsafe. Moderns Squids do not enable this feature by default: > checking whether hello message can be overwritten in SSL struct... possibly; > to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1 Similarly, there are rare cases where it is possible to stare at the server and then splice the connections. Doing so requires using the same hack as described above: Squid forwards ClientHello intact while allowing OpenSSL to later bump the connection because OpenSSL thinks that it sent that ClientHello. FWIW, please note that it is not possible to forward a modified ClientHello and then splice TLS connections. Splicing requires forwarding intact ClientHello and ServerHello messages because TLS agents exchange their checksums in the Finished messages. Also, TLS v1.3 will make most of this irrelevant because it encrypts the server certificate. You would have to make most of your decisions during step2. HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Splice using SubjectCN/SAN from remote server certificate
On 26/06/18 17:42, Ahmad, Sarfaraz wrote: > I realize that unlike other proprietary MITM appliances, Squid doesn't fiddle > with the original client hello. That is not strictly true. It depends on what you have configured Squid to do. Squid does adjust the TLS extensions to only allow features that are supported (ie ALPN to remove HTTP/2, etc which is not yet supported by Squid). > I think this magnifies into the fact that we cannot look at the SubjectCN/SAN > in the remote server certificate and then decide whether we want to splice or > bump. (peeking at step 2 really restricts our options) > Is my understanding correct ? No. Peeking at the client Hello does not impact the final decision, whether you peek or stare at the server Hello is what does that. > Or is there a way to accomplish this ? If the client and proxy capabilities and OpenSSL config are identical (or nearly so) then theoretically Squid can still splice after a stare action. But whether the current SSL-Bump implementation is smart enough to detect that case I'm not sure. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] Splice using SubjectCN/SAN from remote server certificate
I realize that unlike other proprietary MITM appliances, Squid doesn't fiddle with the original client hello. I think this magnifies into the fact that we cannot look at the SubjectCN/SAN in the remote server certificate and then decide whether we want to splice or bump. (peeking at step 2 really restricts our options) Is my understanding correct ? Or is there a way to accomplish this ? Best Regards, Sarfaraz ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users