On 07/15/2016 04:29 AM, Eliezer Croitoru wrote: > The issue: > > Clients are issuing secured connections which contains WebSockets > internally and squid HTTP parsing breaks these connections.
> Another related issue which deserves attention: > > Certificate pinning and connection breakage. > > Currently we cannot determine for many connections what is the "issue", > is it the bumping itself of the breakage of a WebSocket http connection. > An acceptable solution: > > Alex mentioned the option to splice a bumped connection. > > I do not know exactly what Alex meant since not much details were presented. I do not know exactly what Alex meant either since you provided no source for that alleged Alex' opinion. > As I understand, it would not be possible to do this kind of splice > without bumping first. I recommend avoiding "splice after bump" terminology because, in SslBump context implied by the word "bump", that combination makes no sense: It is not possible to splice bumped connections. I suggest using "tunnel after bump" instead. Please note that "tunnel" (not "splice") is one of the on_unsupported_protocol actions. HTH, Alex. _______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev