Search squid archive

Re: Make websockets work without splicing TLS connections

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/07/18 00:19, Ahmad, Sarfaraz wrote:
> Guys,
> 
>  
> 
> Can you think of a way to make websockets work without splicing TLS
> connections ?
> 

Squid does not understand WebSocket protocol (yet). So splicing is the
only option once the traffic is already going into the proxy.

Squid does support enough WebSockets to trigger the HTTP failover
mechanism sin WebSockets. But many clients and/or servers apparently do
not actually support WebSockets properly and break when that proxy
compatibility mechanism is used.

WebSocket has its own port for native traffic. So letting that through
your firewall should theoretically be enough.



> I don’t think on_unsupported _protocol would work here .// Also would

It may, but I agree that is not expected. WebSockets uses HTTP-like
syntax in its first message to be compatible with HTTPS servers.


> on_unsupported_protocol work where the remote server abuses 443 for
> something other than TLS ?

It should. Weird non-standard crap abusing port 443 is what that
directive was designed to help workaround.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux