Rousskov
> Sent: Tuesday, January 12, 2021 5:15 PM
> To: Squid Users
> Subject: Re: [squid-users] Microsoft store issues with ssl-bump
>
> On 1/12/21 7:42 AM, Amos Jeffries wrote:
>> IIRC latest Squid force the client to TLS/1.2 when
>> preparing to bump, but may not for splic
, 2021 5:15 PM
To: Squid Users
Subject: Re: [squid-users] Microsoft store issues with ssl-bump
On 1/12/21 7:42 AM, Amos Jeffries wrote:
> IIRC latest Squid force the client to TLS/1.2 when
> preparing to bump, but may not for spliceand stare. So YMMV.
FTR: Bugs notwithstanding, modern Squid c
On 1/12/21 3:33 AM, Eliezer Croitoru wrote:
> The Windows 10 MS Store tries to connect the domains:
> storeedgefd.dsx.mp.microsoft.com
> which is bypassed from SSL BUMP with a regex and server-name.
> * Squid 5.0.4 on Fedora 33.
It sounds like you have tried to configure Squid to splice
On 1/12/21 7:42 AM, Amos Jeffries wrote:
> IIRC latest Squid force the client to TLS/1.2 when
> preparing to bump, but may not for spliceand stare. So YMMV.
FTR: Bugs notwithstanding, modern Squid changes nothing on TLS level
when peeking, splicing, and/or terminating. Squid changes TLS bytes
-Original Message-
From: squid-users On Behalf Of Amos
Jeffries
Sent: Tuesday, January 12, 2021 2:42 PM
To: Squid Users
Subject: Re: [squid-users] Microsoft store issues with ssl-bump
On 12/01/21 11:32 pm, NgTech LTD wrote:
> Im saying that my config might be wrong and I will send
On Tue, Jan 12, 2021 at 10:33:00AM +0200, Eliezer Croitoru wrote:
>
> Any hints might help to find and resolve this issue
From my experience MS Update and probably the store too use custom root
certificates; check if that's the case. It's also possible that that
connection is so hardwired that it
On 12/01/21 11:32 pm, NgTech LTD wrote:
Im saying that my config might be wrong and I will send you a full
config save which can show you the whole setup like most vendors has.
I have upgraded squid in production.
Let me verify first before shouting "bug".
Eliezer
Okay. I see a few things
Im saying that my config might be wrong and I will send you a full config
save which can show you the whole setup like most vendors has.
I have upgraded squid in production.
Let me verify first before shouting "bug".
Eliezer
On Tue, Jan 12, 2021, 12:15 Amos Jeffries wrote:
> On 12/01/21 10:15
On 12/01/21 10:15 pm, Eliezer Croitoru wrote:
This works in another proxy which looks at the SNI only without any bump
involved.
So you are saying you find a bug with Squid?
or .. ??
Amos
___
squid-users mailing list
Message-
From: squid-users On Behalf Of
Lorenzo Marcantonio
Sent: Tuesday, January 12, 2021 10:58 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Microsoft store issues with ssl-bump
On Tue, Jan 12, 2021 at 10:33:00AM +0200, Eliezer Croitoru wrote:
>
> Any hints migh
:58 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Microsoft store issues with ssl-bump
On Tue, Jan 12, 2021 at 10:33:00AM +0200, Eliezer Croitoru wrote:
>
> Any hints might help to find and resolve this issue
From my experience MS Update and probably the store too use
I am trying to implement a full SSL-BUMP and I am having trouble with MS
Store.
The Windows 10 MS Store tries to connect the domains:
storeedgefd.dsx.mp.microsoft.com
which is bypassed from SSL BUMP with a regex and server-name.
For some reason the store claims that there is an issue with
12 matches
Mail list logo
