On 8/07/2015 1:57 a.m., Jasper Van Der Westhuizen wrote: > Hi list > > I have a problem with Windows 10 updates. It seems that Microsoft will do updates via https now. > > --cut-- > 1436268325.765 5294 xxx.xxx.xxx.xxx TCP_REFRESH_UNMODIFIED/206 9899569 GET http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0cbda2af-bf7d-4408-8a17-d305e378c8e5? - HIER_DIRECT/165.165.47.19 application/octet-stream > 1436268333.267 7484 xxx.xxx.xxx.xxx TCP_REFRESH_UNMODIFIED/206 21564261 GET http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0cbda2af-bf7d-4408-8a17-d305e378c8e5? - HIER_DIRECT/165.165.47.19 application/octet-stream > 1436268430.871 147280 xxx.xxx.xxx.xxx TCP_TUNNEL/200 4267 CONNECT cp201-prod.do.dsp.mp.microsoft.com:443 - HIER_DIRECT/23.214.151.174 - > 1436268478.259 96621 xxx.xxx.xxx.xxx TCP_TUNNEL/200 5705 CONNECT array204-prod.do.dsp.mp.microsoft.com:443 - HIER_DIRECT/64.4.54.117 - > 1436268786.878 78517 xxx.xxx.xxx.xxx TCP_TUNNEL/200 5705 CONNECT array204-prod.do.dsp.mp.microsoft.com:443 - HIER_DIRECT/64.4.54.117 - > --cut-- > > To my knowledge there is no way to cache this. Technically yes, there is no way to cache it without breaking into the HTTPS. > How would one handle this? Is it even possible to cache the updates? > SSL-Bump is the Squid feature for accessing HTTPS data in decrypted form for filtering and/or caching. However, that will depend on; a) being able to "bump" the crypto (if the WU app is validating server cert against a known signature its not), b) the content inside actually being HTTPS (they do updates via P2P now too), and c) the HTTP content inside being cacheable (no guarantees, but a good chance its about as cacheable as non-encrypted updates). You are the first to mention it, so there is no existing info on those requirements. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
