On 7/04/2014 4:58 p.m., Dan Charlesworth wrote:
> This somewhat vague error comes up with relative frequency from iOS
> apps when browsing via our Squid 3.4.4 intercepting proxy which is
> performing server-first SSL Bumping.
>
> The requests in question don’t make it as far as the access log, but
> with debug_options 28,3 26,3, the dst IP can be identified and
> allowed through with ssl_bump none.
Aha. So they hang? all requests that start should be logged.
>
> The device trusts Squid's CA, but apparently that’s not enough for
> the Twitter iOS app and certain Akamai requests that App Store
> updates use.
>
> Can anyone suggest how one might debug this further? Or just an idea
> of why the client might be closing the SSL connection in certain
> cases?
Is there any SNI or NPN or ALPN extensions on those requests?
It could be the clients are using new non-HTTP protocols whih cannot be
bumped.
Amos
Received on Mon Apr 07 2014 - 05:10:58 MDT
This archive was generated by hypermail 2.2.0 : Mon Apr 07 2014 - 12:00:05 MDT