I was wondering about the options to distinguish mobile devices' TLS\SSL requests compared to PC ones. When I am running the next test: https://www.ssllabs.com/ssltest/analyze.html?d=www.squid%2dcache.org&s=77.93.254.178&latest
I am receiving a list of details about the compatibility of specific handshaking as listed:

Handshake Simulation

Android 2.3.7 No SNI 2 RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH 1024 FS
Android 4.0.4 RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
Android 4.1.1 RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
Android 4.2.2 RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
Android 4.3 RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
Android 4.4.2 RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS
Android 5.0.0 RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 1024 FS
Android 6.0 RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 1024 FS
Android 7.0 RSA 2048 (SHA256) TLS 1.2 TLS_RSA_WITH_AES_256_GCM_SHA384 No FS
Baidu Jan 2015 RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
BingPreview Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS
Chrome 49 / XP SP3 RSA 2048 (SHA256) TLS 1.2 TLS_RSA_WITH_AES_128_GCM_SHA256 No FS
Chrome 57 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_RSA_WITH_AES_256_GCM_SHA384 No FS
Firefox 31.3.0 ESR / Win 7 RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
Firefox 47 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
Firefox 49 / XP SP3 RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
Firefox 53 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
Googlebot Feb 2015 RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
IE 7 / Vista RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA No FS
IE 8 / XP No FS 1 No SNI 2 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA
IE 8-10 / Win 7 R RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA No FS
IE 11 / Win 7 R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS
IE 11 / Win 8.1 R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS
IE 10 / Win Phone 8.0 RSA 2048 (SHA256) TLS 1.0 TLS_RSA_WITH_AES_256_CBC_SHA No FS
IE 11 / Win Phone 8.1 R RSA 2048 (SHA256) TLS 1.2 TLS_RSA_WITH_AES_256_CBC_SHA256 No FS
IE 11 / Win Phone 8.1 Update R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS
IE 11 / Win 10 R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS
Edge 13 / Win 10 R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS
Edge 13 / Win Phone 10 R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS
Java 6u45 No SNI 2 RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH 1024 FS
Java 7u25 RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_128_CBC_SHA DH 1024 FS
Java 8u31 RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DH 1024 FS
OpenSSL 0.9.8y RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
OpenSSL 1.0.1l R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS
OpenSSL 1.0.2e R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS
Safari 5.1.9 / OS X 10.6.8 RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
Safari 6 / iOS 6.0.1 RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 1024 FS
Safari 6.0.4 / OS X 10.8.4 R RSA 2048 (SHA256) TLS 1.0 TLS_DHE_RSA_WITH_AES_256_CBC_SHA DH 1024 FS
Safari 7 / iOS 7.1 R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 1024 FS
Safari 7 / OS X 10.9 R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 1024 FS
Safari 8 / iOS 8.4 R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 1024 FS
Safari 8 / OS X 10.10 R RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DH 1024 FS
Safari 9 / iOS 9 R RSA 2048 (SHA256) TLS 1.2 TLS_RSA_WITH_AES_256_GCM_SHA384 No FS
Safari 9 / OS X 10.11 R RSA 2048 (SHA256) TLS 1.2 TLS_RSA_WITH_AES_256_GCM_SHA384 No FS
Safari 10 / iOS 10 R RSA 2048 (SHA256) TLS 1.2 TLS_RSA_WITH_AES_256_GCM_SHA384 No FS
Safari 10 / OS X 10.12 R RSA 2048 (SHA256) TLS 1.2 TLS_RSA_WITH_AES_256_GCM_SHA384 No FS
Apple ATS 9 / iOS 9 R RSA 2048 (SHA256) TLS 1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDH secp256r1 FS
Yahoo Slurp Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS
YandexBot Jan 2015 RSA 2048 (SHA256) TLS 1.2 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DH 1024 FS

And I was wondering if there is an option to distinguish between these requests and to maybe enhance SSL-BUMP with some kind of "option" based on this.

Other options I have seen that help to distinguish a mobile client compared to a non-mobile one are by the domain name in the SNI and also by the default response to a client request simulation.

Any ideas?

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: [email protected]
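
Added example, not part of the original message: a check of how far the negotiated protocol and cipher suite in the Handshake Simulation quoted above separate mobile from non-mobile clients. The rows are a subset copied from that listing (the "R" flag dropped from client names); labelling clients as mobile by name (`MOBILE_MARKERS`) and the function names are assumptions made for this sketch.

```python
from collections import defaultdict

# (client, protocol, negotiated suite): subset of the Handshake Simulation rows.
ROWS = [
    ("Android 4.4.2", "TLS 1.2", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"),
    ("Android 5.0.0", "TLS 1.2", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("Android 6.0", "TLS 1.2", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("Android 7.0", "TLS 1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384"),
    ("Chrome 57 / Win 7", "TLS 1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384"),
    ("Firefox 53 / Win 7", "TLS 1.2", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"),
    ("IE 11 / Win 10", "TLS 1.2", "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"),
    ("IE 11 / Win Phone 8.1", "TLS 1.2", "TLS_RSA_WITH_AES_256_CBC_SHA256"),
    ("Java 8u31", "TLS 1.2", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"),
    ("Safari 8 / iOS 8.4", "TLS 1.2", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"),
    ("Safari 8 / OS X 10.10", "TLS 1.2", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"),
    ("Safari 10 / iOS 10", "TLS 1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384"),
    ("Safari 10 / OS X 10.12", "TLS 1.2", "TLS_RSA_WITH_AES_256_GCM_SHA384"),
]

# Assumption: a client counts as mobile if its name contains one of these.
MOBILE_MARKERS = ("Android", "iOS", "Win Phone")

def is_mobile(client):
    return any(marker in client for marker in MOBILE_MARKERS)

def group_by_negotiated(rows):
    """Map (protocol, suite) -> clients that ended up with that result."""
    groups = defaultdict(lambda: {"mobile": [], "other": []})
    for client, proto, suite in rows:
        side = "mobile" if is_mobile(client) else "other"
        groups[(proto, suite)][side].append(client)
    return dict(groups)

def ambiguity(rows):
    """Label each negotiated result by which kinds of client produce it."""
    verdicts = {}
    for key, g in group_by_negotiated(rows).items():
        if g["mobile"] and g["other"]:
            verdicts[key] = "ambiguous"
        else:
            verdicts[key] = "mobile-only" if g["mobile"] else "other-only"
    return verdicts

if __name__ == "__main__":
    for (proto, suite), verdict in sorted(ambiguity(ROWS).items()):
        print(f"{proto} {suite}: {verdict}")
```

Most negotiated results in this subset are shared by mobile and non-mobile clients, because the simulation records what the server selected, not what each client offered in its ClientHello.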
