Search squid archive

Re: Dropbox and GoogleDrive apps won't connect with SSLBump enabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for the info, Rafael.

Stan

On Mon, Aug 31, 2015 at 11:39 PM, Rafael Akchurin <rafael.akchurin@xxxxxxxxxxxx> wrote:
The SSL pinning means dropbox application does know the fingerprint of the certificate of the connection out-of-band and will simply refuse to work with another (even trusted one).

It is not possible to change this behaviour without recompiling unless developers of dropbox has some "managed" mode...


Op 1 sep. 2015 om 00:55 heeft Stanford Prescott <stan.prescott@xxxxxxxxx> het volgende geschreven:

Yes, SSLBump still works with the web apps, but it would be a lot more convenient if the mobile apps would also work.

Does anyone know how to pin Squid's self-signed certificate's public key to Googledrive and Dropbox so that it would work with SSLBump enabled?

Stan

On Mon, Aug 31, 2015 at 3:29 PM, Yuri Voinov <yvoinov@xxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
BTW, GoogleDrive web application still works with bump. Use it, Luke ;)

01.09.15 2:21, Jason Haar пишет:
> On 01/09/15 02:59, Shane King wrote:
>> Accessing via the browser may work but the sync clients that sit in
>> the system tray use certificate pinning I believe. So if certificate
>> pinning is being used, ssl bumping will not work. You will see an
>> alert message in the pcap followed by a connection termination.
>
> This stopped working for me last week - I suspect there was an update or
> something
>
> Really frustrating: one of the primary reasons I want to do TLS
> intercept is to AV all the viruses published on dropbox!!!
>
> If the Cloud providers go full pinning, the future of TLS Intercept is bleak
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJV5LkrAAoJENNXIZxhPexGH9oH/AyK089Jek7yb/YPB16jAKPJ
LnKgKPQ4r8lu3wm5o4JuOXF6mun79fGVW9dymB5rasTJlHiCHrvXEK4G2KqyRg3B
57TdvHuLhHr+IE0jcpMpk6n/pbdHzYJwkbplTd9HNApw+/LJpfxXVzQZsspJJC58
e12pMXL+i5Dv2vEYLEeySVnDN0mtuBdxD7lxDWFDFDbfBZvoGHEptOQYR3lelEet
xEIds+sNYrjYPK8a9BuiKSK0IqQ5mxhsbUIg4Z7LxyKv3+sTV+aW3HMdKkMoc5t8
bPCHec1eIxU7p9lgyKGn2HXtV1WQ5MAeOuI9YHGqdeSfgCPfT1wYF2imiHC9ez8=
=2wPb
-----END PGP SIGNATURE-----


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux