Squid Proxy Server ssl-bump blocking Web Socket connections


Squid Proxy Server ssl-bump blocking Web Socket connections

Max Ashton
Dear squid-users,

I have just set up Squid Server 3.5.26 on Ubuntu 16.04.2 LTS configured with SSL-bump. HTTP and HTTPS are working fine, but any web service that requires Web Sockets fails with the error:

WebSocket connection to 'ws://speedtest.b4rn.org.uk:8080/ws' failed: Error during WebSocket handshake: net::ERR_CONNECTION_RESET

For example, a broadband speed test.

From the mail list archive I found a post relating to WhatsApp web sockets; sadly, the suggested configuration did not work for me.

I have added the following lines to my squid configuration in an attempt to force a direct connection and prevent SSL caching for web socket connections.

# Temporarily allow all connections for debugging
http_access allow all

acl bump-bypass dstdomain 192.168.0.245 .speedtest.net
# URLs contain ws, as most web socket URLs do; allowing all for testing
acl ssl-web-sockets SSL::server_name_regex \/ws

ssl_bump step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice bump-bypass ssl-web-sockets tcp-web-sockets

# I read that there was a bug in bump that required ! explicitly
# for splice to work for web sockets
ssl_bump bump !ssl-web-sockets all

# just bump all doesn't work either
#ssl_bump bump all

If I disable ssl-bump and don't decrypt encrypted traffic (http_port 3128 instead of http_port 3128 ssl-bump ...) everything works fine.

How can I configure squid to allow web socket connections?

Thanks

Kind Regards
Max
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Squid Proxy Server ssl-bump blocking Web Socket connections

Amos Jeffries
Administrator
On 15/07/17 03:11, Max Ashton wrote:
> Dear squid-users,
>
> I have just set up Squid Server 3.5.26 on Ubuntu 16.04.2 LTS configured with SSL-bump. HTTP and HTTPS are working fine, but any web service that requires Web Sockets fails with the error:

To support intercepting non-HTTP traffic on port 443 you need Squid-4
which provides the
<http://www.squid-cache.org/Doc/config/on_unsupported_protocol/> feature.

Amos
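
The squid.conf fragment below sketches how the on_unsupported_protocol directive named in the reply above can sit alongside peek/splice/bump rules on Squid 4 or later. It is an added example, not configuration posted by either participant; the ACL names and the .example.org domain are assumptions.

```conf
# Added example for Squid 4 or later. ACL names are illustrative.

# Match the first SSL-bump step (TLS client hello received).
acl step1 at_step SslBump1

# Servers whose TLS traffic should be passed through undecrypted.
# .example.org is a constructed placeholder, not a host from the thread.
acl no_bump ssl::server_name .example.org

ssl_bump peek step1
ssl_bump splice no_bump
ssl_bump bump all

# Squid errors that indicate the bumped or intercepted connection
# is carrying something other than HTTP.
acl foreignProtocol squid_error ERR_PROTOCOL_UNKNOWN ERR_TOO_BIG

# Squid error that indicates the client sent nothing, i.e. a protocol
# in which the server is expected to talk first.
acl serverTalksFirstProtocol squid_error ERR_REQUEST_START_TIMEOUT

# Blindly relay bytes for those cases instead of resetting the connection.
# Traffic handled by "tunnel" is no longer inspected by Squid.
on_unsupported_protocol tunnel foreignProtocol
on_unsupported_protocol tunnel serverTalksFirstProtocol

# Any other failure gets an HTTP error response.
on_unsupported_protocol respond all
```

The directive applies only to intercepted connections and bumped tunnels, so it changes nothing for connections Squid already splices.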