Re: [squid-users] checking for 'real' SSL connections

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 21 Dec 2012 22:35:35 +1300

On 21/12/2012 12:36 a.m., Leonardo Rodrigues wrote:
>
> Hi,
>
> Is it possible, with any version of squid, to identify REAL SSL
> connections using CONNECT method ? The idea is blocking some softwares
> that tunnel connections, through squid and on 443 ports, but are not
> real SSL connections, like Skype and other P2P softwares.

The idea is a bit flawed. SSL is a transport layer like TCP or HTTP
itself. It is quite possible that Skype and P2P are using SSL inside the
tunnel.

Very often you have to accept and confirm successful tunnel creation
along with any protocol greeting the server would have produced in
non-HTTPS traffic before the client will send anything you can use to
identify the protocol they are expecting from the server.

Amos
Received on Fri Dec 21 2012 - 09:35:40 MST
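
The check asked about above, as an added example that is not part of the original message and is not Squid code: a Python classifier for the first client bytes seen inside an already-established CONNECT tunnel. The function name and sample byte strings are constructed for illustration; a match only shows that the tunnel begins with a TLS handshake, not which application is speaking, and an empty buffer is what a proxy sees when the client is waiting for a server greeting.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type: ClientHello
MAX_RECORD_LEN = 2 ** 14  # upper bound on a TLS plaintext record payload
SSLV2_HELLO_VERSIONS = {(0, 2), (3, 0), (3, 1), (3, 2), (3, 3)}


def classify_first_bytes(data: bytes) -> str:
    """Classify the first client-to-server bytes inside a tunnel.

    Returns "tls-client-hello", "sslv2-client-hello", "not-tls",
    or "need-more-data" when too few bytes have arrived to decide.
    """
    if not data:
        # Nothing sent yet: the client may be waiting for the server to
        # speak first, so no decision is possible at this point.
        return "need-more-data"
    if data[0] == TLS_HANDSHAKE:
        if len(data) < 6:
            return "need-more-data"
        # Record header: type(1) major(1) minor(1) length(2), big-endian.
        _ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if (major == 3 and minor <= 4 and 0 < length <= MAX_RECORD_LEN
                and data[5] == CLIENT_HELLO):
            return "tls-client-hello"
        return "not-tls"
    if data[0] & 0x80:
        # SSLv2-compatible hello: 2-byte length with the high bit set,
        # then message type 1 and the offered protocol version.
        if len(data) < 5:
            return "need-more-data"
        if data[2] == CLIENT_HELLO and (data[3], data[4]) in SSLV2_HELLO_VERSIONS:
            return "sslv2-client-hello"
        return "not-tls"
    return "not-tls"


# Constructed sample inputs (prefixes only, not captured traffic).
SAMPLES = {
    "tls": bytes.fromhex("160301002f0100002b0303"),
    "sslv2": bytes.fromhex("802e010301"),
    "plain_http": b"GET / HTTP/1.1\r\n",
    "opaque_binary": bytes.fromhex("a3917c1055"),
    "truncated": bytes.fromhex("160301"),
    "silent_client": b"",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:14s} -> {classify_first_bytes(blob)}")
```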
