Re: [squid-users] Skype SSL is incompatible with OpenSSL

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 02 May 2014 23:54:25 +1200

On 2/05/2014 11:21 p.m., Jay Jimenez wrote:
> Hi Amos,
>
> Thank you for the response.
>
> Any advice of how would I know exactly what SSL/TLS version skype is
> using and how do I enable those versions to my squid box?
>
> What are changes in 3.4.5 in terms of ssl bumping? Would it help me on
> my existing transparent setup to resolve my skype issue?

When the first few bytes of the client message are received by squid
before tunneling (CONNECT or a fake-CONNECT in interception) they used
to be dropped. Causes some strange behaviour. I am unsure if its
actually involved, but when debugging these its good to be rid of one
potential source of confusion.

The only way I know of to debug through Squid the SSL/TLS protocol
version is the messages displayed by clientNegotiateSSL.
 The alternative is taking a tcpdump packet trace of the connection
setup and looking at what WireShark says.

Amos
Received on Fri May 02 2014 - 11:54:35 MDT

This archive was generated by hypermail 2.2.0 : Fri May 02 2014 - 12:00:03 MDT