On 21/12/2012 12:36 a.m., Leonardo Rodrigues wrote:
> Hi,
> Is it possible, with any version of squid, to identify REAL SSL
> connections using CONNECT method ? The idea is blocking some softwares
> that tunnel connections, through squid and on 443 ports, but are not
> real SSL connections, like Skype and other P2P softwares.

The idea is a bit flawed. SSL is a transport layer like TCP or HTTP
itself. It is quite possible that Skype and P2P are using SSL inside the
tunnel.
Very often you have to accept and confirm successful tunnel creation
along with any protocol greeting the server would have produced in
non-HTTPS traffic before the client will send anything you can use to
identify the protocol they are expecting from the server.
Amos
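
A check on the first client bytes inside an accepted CONNECT tunnel, as an added example that is not part of the original mail and is not Squid code; `classify_tunnel_start` and the sample byte strings are hypothetical and constructed. It only shows whether the tunnel opens with a TLS ClientHello: as the reply notes, software that runs SSL inside the tunnel passes this check, and a server-first protocol gives nothing to inspect until the tunnel is already established.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type: ClientHello
MAX_RECORD_LEN = 2 ** 14  # largest plaintext record length TLS allows


def classify_tunnel_start(data: bytes) -> str:
    """Classify the first bytes a client sent after the proxy answered
    CONNECT with 200. Hypothetical helper, not a Squid API."""
    if len(data) < 6:
        # Nothing usable yet: a short read, or a server-first protocol in
        # which the client stays silent until the server greets it.
        return "need-more-data"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype == TLS_HANDSHAKE and major == 3 and minor <= 4:
        # Record header looks like SSLv3/TLS; the payload must start a ClientHello.
        if 4 <= rec_len <= MAX_RECORD_LEN and data[5] == CLIENT_HELLO:
            return "tls-client-hello"
        return "not-tls"
    # SSLv2-compatible hello: 2-byte length with the high bit set,
    # message type 1, then the offered protocol version.
    if data[0] & 0x80 and data[2] == CLIENT_HELLO and (
            (data[3], data[4]) == (0, 2) or (data[3] == 3 and data[4] <= 4)):
        return "sslv2-compatible-hello"
    return "not-tls"


# Constructed samples: truncated first reads, not captures from real clients.
SAMPLES = {
    "tls": bytes.fromhex("16 03 01 00 2f 01 00 00 2b 03 03"),
    "sslv2": bytes.fromhex("80 2e 01 03 01 00 15 00 00 00 10"),
    "ssh-banner": b"SSH-2.0-client\r\n",
    "server-hello": bytes.fromhex("16 03 03 00 2f 02 00 00 2b 03 03"),
    "silent-client": b"",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:14} {classify_tunnel_start(payload)}")
```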