On 04/07/18 00:19, Ahmad, Sarfaraz wrote: > Guys, > > > > Can you think of a way to make websockets work without splicing TLS > connections ? > Squid does not understand WebSocket protocol (yet). So splicing is the only option once the traffic is already going into the proxy. Squid does support enough WebSockets to trigger the HTTP failover mechanism sin WebSockets. But many clients and/or servers apparently do not actually support WebSockets properly and break when that proxy compatibility mechanism is used. WebSocket has its own port for native traffic. So letting that through your firewall should theoretically be enough. > I don’t think on_unsupported _protocol would work here .// Also would It may, but I agree that is not expected. WebSockets uses HTTP-like syntax in its first message to be compatible with HTTPS servers. > on_unsupported_protocol work where the remote server abuses 443 for > something other than TLS ? It should. Weird non-standard crap abusing port 443 is what that directive was designed to help workaround. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users