Re: Skype SSL is incompatible with OpenSSL


 



On 2014-05-07 04:52, Jay Jimenez wrote:
> Hi Marcus and Amos,

[...]

> I'm wondering if there's someone who successfully allowed Skype to
> fake CONNECT to squid (I'm referring to interception not explicit
> proxying). I cannot fully implement https interception until I find a
> solution to properly intercept Skype.
>
> Many thanks in advance for all the help.

It is very difficult to implement it on squid but, theoretically, you
may bypass any sslbumping to a remote side which introduces itself with
this certificate chain:
Certificate chain
 0 s:/CN=*.gateway.messenger.live.com
   i:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
 1 s:/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2
   i:/CN=Microsoft Internet Authority
 2 s:/CN=Microsoft Internet Authority
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root

You can *try* to prepare your own external acl helper to check it.
Skype transmission by design is ssl over 443 tcp port, but if skype
detects that the remote server is introducing itself with the wrong
certificate, then it just drops the connection.
We can't even check if the transmission is really http over ssl; it
might be anything.

But, the most important question is why you want to do it?
By letting skype go through, you are opening your local network to I
really don't know what. It can be any transmission: file sharing, remote
desktop, you name it. So you can throw away all your security
mechanisms; they are useless with skype open.

Regards;
Pawel Mojski
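
An external ACL helper along the lines suggested in the message above, as an added example that is not part of the original post or of Squid itself: it runs `openssl s_client` against the destination it is given and answers OK only when the presented chain equals the one quoted above and OpenSSL's own verification succeeded. The function names, the one-destination-per-line input and the 5-second timeout are assumptions, and the comparison assumes the one-line name format shown in the message (other OpenSSL versions print names differently and would need normalising).

```python
"""Squid external ACL helper (added example): OK only for the chain quoted above."""
import re
import subprocess
import sys

# (subject, issuer) pairs copied from the chain quoted in the message.
EXPECTED_CHAIN = [
    ("/CN=*.gateway.messenger.live.com",
     "/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2"),
    ("/DC=com/DC=microsoft/DC=corp/DC=redmond/CN=MSIT Machine Auth CA 2",
     "/CN=Microsoft Internet Authority"),
    ("/CN=Microsoft Internet Authority",
     "/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root"),
]

def parse_chain(s_client_output):
    """Extract (subject, issuer) pairs from the 'Certificate chain' section."""
    chain, subject, in_chain = [], None, False
    for line in s_client_output.splitlines():
        if line.startswith("Certificate chain"):
            in_chain = True
        elif in_chain and line.startswith("---"):
            break  # the section ends at the next '---' separator
        elif in_chain:
            m = re.match(r"\s*(?:\d+\s+)?([si]):(.*)$", line)
            if m and m.group(1) == "s":
                subject = m.group(2).strip()
            elif m and subject is not None:
                chain.append((subject, m.group(2).strip()))
                subject = None
    return chain

def chain_allowed(s_client_output):
    """Names alone can be forged, so also require OpenSSL's verification to pass."""
    verified = "Verify return code: 0 (ok)" in s_client_output
    return verified and parse_chain(s_client_output) == EXPECTED_CHAIN

def fetch(dst, port=443, timeout=5):
    """Run 'openssl s_client' against dst and return its text output ('' on failure)."""
    cmd = ["openssl", "s_client", "-connect", f"{dst}:{port}"]
    try:
        return subprocess.run(cmd, stdin=subprocess.DEVNULL, capture_output=True,
                              text=True, timeout=timeout).stdout
    except (OSError, subprocess.TimeoutExpired):
        return ""

if __name__ == "__main__":
    for request in sys.stdin:  # assumed input: one destination address per line
        dst = request.strip().split(" ")[0]
        print("OK" if dst and chain_allowed(fetch(dst)) else "ERR", flush=True)
```

Any failure to connect, parse or verify results in ERR, so a destination is treated as a bypass candidate only on a positive match.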




