On 07/03/2018 06:59 AM, Ahmad, Sarfaraz wrote: >>> Squid does not understand WebSocket protocol (yet). > Is supporting Websockets on the roadmap ? Yes, we are working on tunneling WebSockets traffic after a successful HTTP Upgrade exchange with the server (with admin permission, of course). Alex. > -----Original Message----- > From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries > Sent: Tuesday, July 3, 2018 6:15 PM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: Make websockets work without splicing TLS connections > > On 04/07/18 00:19, Ahmad, Sarfaraz wrote: >> Guys, >> >> >> >> Can you think of a way to make websockets work without splicing TLS >> connections ? >> > > Squid does not understand WebSocket protocol (yet). So splicing is the only option once the traffic is already going into the proxy. > > Squid does support enough WebSockets to trigger the HTTP failover mechanism sin WebSockets. But many clients and/or servers apparently do not actually support WebSockets properly and break when that proxy compatibility mechanism is used. > > WebSocket has its own port for native traffic. So letting that through your firewall should theoretically be enough. > > > >> I don’t think on_unsupported _protocol would work here .// Also would > > It may, but I agree that is not expected. WebSockets uses HTTP-like syntax in its first message to be compatible with HTTPS servers. > > >> on_unsupported_protocol work where the remote server abuses 443 for >> something other than TLS ? > > It should. Weird non-standard crap abusing port 443 is what that directive was designed to help workaround. > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
