On 07/15/2016 04:29 AM, Eliezer Croitoru wrote:
> The issue:
> 
> Clients are issuing secured connections which contains WebSockets
> internally and squid HTTP parsing breaks these connections.

> Another related issue which deserves attention:
> 
> Certificate pinning and connection breakage.
> 
> Currently we cannot determine for many connections what is the "issue",
> is it the bumping itself of the breakage of a WebSocket http connection.



> An acceptable solution:
> 
> Alex mentioned the option to splice a bumped connection.  
> 
> I do not know exactly what Alex meant since not much details were presented.

I do not know exactly what Alex meant either since you provided no
source for that alleged Alex' opinion.


> As I understand, it would not be possible  to do this kind of splice
> without bumping first.

I recommend avoiding "splice after bump" terminology because, in SslBump
context implied by the word "bump", that combination makes no sense: It
is not possible to splice bumped connections.

I suggest using "tunnel after bump" instead. Please note that "tunnel"
(not "splice") is one of the on_unsupported_protocol actions.


HTH,

Alex.

_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

Reply via email to