I was wondering about the options to distinguish mobile devices TLS\SSL
requests compared to PC one's.
When I am running the next test:
https://www.ssllabs.com/ssltest/analyze.html?d=www.squid%2dcache.org&s=77.93
.254.178&latest

I am receiving a list of details about the compatibility of  specific
handshaking as listed:
Handshake Simulation
Android 2.3.7   No SNI 2                RSA 2048 (SHA256)       TLS 1.0
TLS_DHE_RSA_WITH_AES_128_CBC_SHA   DH 1024  FS
Android 4.0.4   RSA 2048 (SHA256)       TLS 1.0
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
Android 4.1.1   RSA 2048 (SHA256)       TLS 1.0
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
Android 4.2.2   RSA 2048 (SHA256)       TLS 1.0
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
Android 4.3     RSA 2048 (SHA256)       TLS 1.0
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
Android 4.4.2   RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS
Android 5.0.0   RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256   DH 1024  FS
Android 6.0     RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256   DH 1024  FS
Android 7.0     RSA 2048 (SHA256)       TLS 1.2
TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Baidu Jan 2015  RSA 2048 (SHA256)       TLS 1.0
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
BingPreview Jan 2015    RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS
Chrome 49 / XP SP3      RSA 2048 (SHA256)       TLS 1.2
TLS_RSA_WITH_AES_128_GCM_SHA256  No FS
Chrome 57 / Win 7  R            RSA 2048 (SHA256)       TLS 1.2
TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Firefox 31.3.0 ESR / Win 7      RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
Firefox 47 / Win 7  R           RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
Firefox 49 / XP SP3     RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
Firefox 53 / Win 7  R           RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
Googlebot Feb 2015      RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
IE 7 / Vista    RSA 2048 (SHA256)       TLS 1.0
TLS_RSA_WITH_AES_256_CBC_SHA  No FS
IE 8 / XP   No FS 1       No SNI 2              RSA 2048 (SHA256)       TLS
1.0     TLS_RSA_WITH_3DES_EDE_CBC_SHA
IE 8-10 / Win 7  R              RSA 2048 (SHA256)       TLS 1.0
TLS_RSA_WITH_AES_256_CBC_SHA  No FS
IE 11 / Win 7  R                RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS
IE 11 / Win 8.1  R              RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS
IE 10 / Win Phone 8.0   RSA 2048 (SHA256)       TLS 1.0
TLS_RSA_WITH_AES_256_CBC_SHA  No FS
IE 11 / Win Phone 8.1  R                RSA 2048 (SHA256)       TLS 1.2
TLS_RSA_WITH_AES_256_CBC_SHA256  No FS
IE 11 / Win Phone 8.1 Update  R         RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS
IE 11 / Win 10  R               RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS
Edge 13 / Win 10  R             RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS
Edge 13 / Win Phone 10  R               RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS
Java 6u45   No SNI 2            RSA 2048 (SHA256)       TLS 1.0
TLS_DHE_RSA_WITH_AES_128_CBC_SHA   DH 1024  FS
Java 7u25       RSA 2048 (SHA256)       TLS 1.0
TLS_DHE_RSA_WITH_AES_128_CBC_SHA   DH 1024  FS
Java 8u31       RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256   DH 1024  FS
OpenSSL 0.9.8y  RSA 2048 (SHA256)       TLS 1.0
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
OpenSSL 1.0.1l  R               RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS
OpenSSL 1.0.2e  R               RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS
Safari 5.1.9 / OS X 10.6.8      RSA 2048 (SHA256)       TLS 1.0
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
Safari 6 / iOS 6.0.1    RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256   DH 1024  FS
Safari 6.0.4 / OS X 10.8.4  R           RSA 2048 (SHA256)       TLS 1.0
TLS_DHE_RSA_WITH_AES_256_CBC_SHA   DH 1024  FS
Safari 7 / iOS 7.1  R           RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256   DH 1024  FS
Safari 7 / OS X 10.9  R         RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256   DH 1024  FS
Safari 8 / iOS 8.4  R           RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256   DH 1024  FS
Safari 8 / OS X 10.10  R                RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256   DH 1024  FS
Safari 9 / iOS 9  R             RSA 2048 (SHA256)       TLS 1.2
TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Safari 9 / OS X 10.11  R                RSA 2048 (SHA256)       TLS 1.2
TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Safari 10 / iOS 10  R           RSA 2048 (SHA256)       TLS 1.2
TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Safari 10 / OS X 10.12  R               RSA 2048 (SHA256)       TLS 1.2
TLS_RSA_WITH_AES_256_GCM_SHA384  No FS
Apple ATS 9 / iOS 9  R          RSA 2048 (SHA256)       TLS 1.2
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   ECDH secp256r1  FS
Yahoo Slurp Jan 2015    RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS
YandexBot Jan 2015      RSA 2048 (SHA256)       TLS 1.2
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384   DH 1024  FS


And I was wondering if there is an option to distinguish between these
requests and to maybe enhance SSL-BUMP with some kind of "option" based on
this.

Other options I have seen that helps to distinguish a mobile client compared
to a non-mobile one is by the domain name in the SNI and also by the default
response to a client request simulation.
Any ideas?

Eliezer

----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il




_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

Reply via email to