Search squid archive

Re: Skype, SSL bump and go.trouter.io

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 06/07/16 20:44, Eliezer Croitoru wrote:


There are couple options to the issue and a bad request can happen if
squid transforms or modifies the request. Did you tried to use basic
debug sections output to verify if you are able to "replicate" the
request using a tiny script or curl? I think that section 11 is the
right one to start with
(http://wiki.squid-cache.org/KnowledgeBase/DebugSections) There were
couple issues with intercepted https connections in the past but a
400 means that something is bad and mainly in the expected input and
not a certificate but it is possible that other reasons are there. I
have not tried to use skype in a transparent environment for a very
long time but I can try to test it later.


I tcpdumped the icap REQMOD session to retrieve the request and tried it
manually (direct to the Skype server) with openssl s_client.  The Skype
server (not Squid) returned a 400.  But of course, the Skype request
contains various data that the server will probably (correctly) see as a
replay attack, so it isn't a very good test - all I can really say is
that the real Skype client was getting exactly the same error from the
server when the connection is bumped, but works fine when it is tunnelled.

Annoyingly, Skype doesn't include an SNI in the handshake, so peeking in
order to exclude it from being bumped isn't an option.
The odd thing is that I have had Skype working in a transparent environment previously (with the unprivalidged ports unfirewalled), so I wonder if this is something new from Microsoft. 

--
 - Steve Hill
   Technical Director
   Opendium Limited     http://www.opendium.com

Direct contacts:
   Instant messager: xmpp:steve@xxxxxxxxxxxx
   Email:            steve@xxxxxxxxxxxx
   Phone:            sip:steve@xxxxxxxxxxxx

Sales / enquiries contacts:
   Email:            sales@xxxxxxxxxxxx
   Phone:            +44-1792-824568 / sip:sales@xxxxxxxxxxxx

Support contacts:
   Email:            support@xxxxxxxxxxxx
   Phone:            +44-1792-825748 / sip:support@xxxxxxxxxxxx
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux