Search squid archive

Re: Microsoft store issues with ssl-bump

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/12/21 3:33 AM, Eliezer Croitoru wrote:

> The Windows 10 MS Store tries to connect the domains:
> storeedgefd.dsx.mp.microsoft.com

> which is bypassed from SSL BUMP with a regex and server-name.

>   * Squid 5.0.4 on Fedora 33.

It sounds like you have tried to configure Squid to splice traffic
matching some criteria. So does Squid actually splice traffic matching
those criteria? That is the first question I would ask myself when
trying to triage this problem.

Assuming you can create test traffic, there are many ways to answer that
question, including:

1. Checking whether Squid signs Squid-to-client traffic with its own
certificate.

2. After skipping any CONNECT exchanges, comparing to-Squid TCP payload
with from-Squid TCP payload. If the answer to the question is "yes",
then that payload should be identical, in both client-server and
server-client directions.

3. Sharing Squid debugging logs containing an isolated test transaction.

Testing with other proxies and speculating about the magical possibility
of client detection of TLS splicing is a waste of time _if_ your Squid
configuration is incorrect (i.e. if Squid correctly follows its
configuration, but that configuration contradicts your goals). Thus, I
recommend starting by validating that splicing is happening, as
discussed above.


HTH,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux