Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-08 Thread Amos Jeffries
On 8/05/2014 8:38 p.m., Rafael Akchurin wrote: > Hi jay, > > If I am not mistaken dstdom_regex is matched against the *contents* of > HTTP/HTTPS request - it means it first needs to be bumped. So it will never > work in your case... > You need to know not ssl bump traffic before looking into its

RE: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-08 Thread Rafael Akchurin
-cache.org Subject: Re: [squid-users] Skype SSL is incompatible with OpenSSL Hi Raf, As stated on my previous email, I tried dstdom_regex to match all numeric IP addresses and it didn't help me acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-08 Thread Jay Jimenez
y Jimenez > Sent: Thursday, May 8, 2014 5:49 AM > To: squid-users@squid-cache.org > Subject: Re: [squid-users] Skype SSL is incompatible with OpenSSL > > Hi Marcus and Pawel, > > Thank you very much for all the help. There is only 1 conclusion here. > We cannot ssl bump Skype an

RE: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-08 Thread Rafael Akchurin
From: Jay Jimenez Sent: Thursday, May 8, 2014 5:49 AM To: squid-users@squid-cache.org Subject: Re: [squid-users] Skype SSL is incompatible with OpenSSL Hi Marcus and Pawel, Thank you very much for all the help. There is only 1 conclusion here. We cannot ssl bump Skype

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-07 Thread Alex Rousskov
On 05/07/2014 03:27 PM, Marcus Kool wrote: > The design of Squid ssl-bump assumes that a CONNECT to a server always > has an SSL-based communication channel > and therefore any software that uses non-SSL traffic on port 443 fails > to work with ssl-bump. You are right about that assumption, but i

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-07 Thread Jay Jimenez
Hi Marcus and Pawel, Thank you very much for all the help. There is only 1 conclusion here. We cannot ssl bump Skype and therefore must be excluded. I can't find any solution to exclude Skype on my squid.conf file. I have tried to exclude ^skype browser and/or exclude .microsoft.com, .live.com a

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-07 Thread Marcus Kool
On 05/07/2014 10:55 AM, Pawel Mojski wrote: On 2014-05-07 15:40, Marcus Kool wrote: [...] certificate chain: Certificate chain 0 s:/CN=*.gateway.messenger.live.com i:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2 1 s:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-07 Thread Pawel Mojski
On 2014-05-07 15:40, Marcus Kool wrote: [...] >> certificate chain: >> Certificate chain >> 0 s:/CN=*.gateway.messenger.live.com >> i:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2 >> 1 s:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2 >> i:/CN=

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-07 Thread Marcus Kool
On 05/07/2014 06:44 AM, Pawel Mojski wrote: On 2014-05-07 04:52, Jay Jimenez wrote: Hi Marcus and Amos, [...] I'm wondering if there's someone who successfully allowed Skype to fake CONNECT to squid (I'm referring to interception not explicit proxying). I cannot fully implement https i

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-07 Thread Pawel Mojski
On 2014-05-07 04:52, Jay Jimenez wrote: > Hi Marcus and Amos, [...] > I'm wondering if there's someone who successfully allowed Skype to > fake CONNECT to squid (I'm referring to interception not explicit > proxying). I cannot fully implement https interception until I find a > solution to pr

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-06 Thread Jay Jimenez
Hi Marcus and Amos, Thank you for the clarification. In my case that I am using fake connect (interception proxy), there must be a way on how to exclude skype on SSL Bumping. I tried to exclude browser ^skypeuser agent as discussed with squid wiki and still doesn't work. Also, I tried to exc

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-02 Thread Marcus Kool
On 05/02/2014 08:21 AM, Jay Jimenez wrote: Hi Amos, Thank you for the response. Any advice of how would I know exactly what SSL/TLS version skype is using and how do I enable those versions to my squid box? It has been a while since I investigated Skype but my findings at that time were tha

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-02 Thread Amos Jeffries
On 2/05/2014 11:21 p.m., Jay Jimenez wrote: > Hi Amos, > > Thank you for the response. > > Any advice of how would I know exactly what SSL/TLS version skype is > using and how do I enable those versions to my squid box? > > What are changes in 3.4.5 in terms of ssl bumping? Would it help me on >

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-02 Thread Jay Jimenez
Hi Amos, Thank you for the response. Any advice of how would I know exactly what SSL/TLS version skype is using and how do I enable those versions to my squid box? What are changes in 3.4.5 in terms of ssl bumping? Would it help me on my existing transparent setup to resolve my skype issue? Th

Re: [squid-users] Skype SSL is incompatible with OpenSSL

2014-05-02 Thread Amos Jeffries
On 2/05/2014 10:34 p.m., Jay Jimenez wrote: > Hi, > > I have squid setup that is currently doing transparent SSL > interception. Almost all websites work flawlessly like > https://facebook.com, gmail, banking websites etc. However, when > intercepting SKYPE I've got the following error on my cache

[squid-users] Skype SSL is incompatible with OpenSSL

2014-05-02 Thread Jay Jimenez
Hi, I have squid setup that is currently doing transparent SSL interception. Almost all websites work flawlessly like https://facebook.com, gmail, banking websites etc. However, when intercepting SKYPE I've got the following error on my cache.log 2014/05/02 18:18:11 kid1| clientNegotiateSSL: Err