On 22/01/19 9:19 pm, XploD wrote: > > Can anybody tell me what I have to do so that every android app accepts > the intercepted connection? > IIRC there is also a phone CA certificate store where it can be added. Though I do not recall exactly where it is right now. Even with that setup some apps (from eg Youtube and Facebook) use certificate pinning. They bundle the domains CA cert hard-coded into the app it self and only trusts that exact CA. Or use a client certificate similarly bundled with each app to authenticate against the server. When either of those TLS features are used SSL-Bump cannot do the 'bump' action - only the peek, splice or terminate work. That is still enough to identify the destination domain, but no deep inspection. > > BTW: If any squid developer is reading this: Squid is awesome work! > Thank you very much for such beauty! > On behalf of the team: thank you. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
