I've been finding some problems with Skype when combined with TProxy and HTTPS interception and wondered if anyone had seen this before:

Skype works so long as HTTPS interception is not performed and traffic to TCP and UDP ports 1024-65535 is allowed directly out to the internet. Enabling SSL-bump seems to break things. When making a call, Skype makes an SSL connection to go.trouter.io, which Squid successfully bumps. Skype then makes a GET request to https://go.trouter.io/v3/c?auth=true&timeout=55 over the SSL connection, but the HTTPS server responds with a "400 Bad Request" error and Skype fails to work.

The Skype client clearly isn't rejecting the intercepted connection since it is making HTTPS requests over it, but I can't see why the server would be returning an error. Obviously I can't see what's going on inside the connection when it isn't being bumped, but it does work then. The only thing I can think is maybe the server is examining the SSL handshake and returning an error because it knows it isn't talking directly to the Skype client - but that seems like an odd way of doing things, rather than rejecting the SSL handshake in the first place.

--
 - Steve Hill
   Technical Director
   Opendium Limited     http://www.opendium.com

Direct contacts:
   Instant messager: xmpp:st...@opendium.com
   Email:            st...@opendium.com
   Phone:            sip:st...@opendium.com

Sales / enquiries contacts:
   Email:            sa...@opendium.com
   Phone:            +44-1792-824568 / sip:sa...@opendium.com

Support contacts:
   Email:            supp...@opendium.com
   Phone:            +44-1792-825748 / sip:supp...@opendium.com