I was trying to setup Squid transparent SSLBump and its working. But it giving problem for Apple apps. According to threads on mailing list excluded domains (.apple.com .icloud.com .mzstatic.com .akamaihd.net .dropbox.com) then App Store works (browsing apps, searching apps) but app installation(from App store) fails with below squid access log: 1491910115.715 51 10.99.1.1 TAG_NONE/200 0 CONNECT 17.154.66.226:443 - ORIGINAL_DST/17.154.66.226 - 1491910116.537 52 10.99.1.1 TAG_NONE/200 0 CONNECT 17.154.66.74:443 - ORIGINAL_DST/17.154.66.74 - Same issue is happening with Dropbox also, Dropbox app not syncing with server. Conf: http_port 3128 intercept ssl-bump \ cert=/etc/squid/ssl_cert/myCA.pem \ generate-host-certificates=on dynamic_cert_mem_cache_size=4MB acl local-servers dstdomain "/etc/squid/allowed.txt" ssl_bump peek step1 ssl_bump splice local-servers ssl_bump bump all sslproxy_cert_error allow all sslproxy_flags DONT_VERIFY_PEER Is anybody has working conf for sslbump with exclude the HTTP Public Key Pinning (HPKP) mechanism. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-SSL-Intercept-have-issues-apps-on-iOS-tp4682052.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
