I have seen this issue on 3.1.x and cannot find anything in the Changelog
that indicates that this issue is resolved in 3.3.
What I observed in 3.1 is that sslbump assumes that all
CONNECTs are used for SSL-wrapped HTTP traffic and lets
all applications that use port 443 for other protocols hang
when the SSL handshake fails.
Marcus
On 11/27/2012 11:48 AM, Eliezer Croitoru wrote:
if it's linux machine try to use firewall rules to block all traffic with TCP-RESET except dst port 80 and 443.
This will close some of the things for you.
but 3.head 1408 it's kind of old.
you can try the latest 3.3.0.1 beta which have pretty good chance of to solve it by the new features.
Regards,
Eliezer
On 11/27/2012 3:19 PM, Sean Boran wrote:
Typically one wishes to block Skype, but I'd like to enable it :-)
Looking at the access.log, the following domains were excluded from ssl bump:
.skype.com
.skypeassets.com
skype.tt.omtrdc.net
But skype still tried for ages to login and never succeeds.
In skype, despite have configure a proxy, it still tries to do lots of
direct connections too.
I did find a skype admin guide, but nothing useful on how to debug
that opaque tool's traffic..
https://support.skype.com/resources/sites/SKYPE/content/live/DOCUMENTS/0/DO5/en_US/skype-it-administrators-guide.pdf
Running 3.HEAD-20120814-r12282.
Any tips?
Sean
