Squid/transparent proxy improperly intercepting SSL?
-
I recently moved from 2.3.2 to the 2.3.3 dev branch and noticed that the giphy integration through the signal messaging app (whispersystems.org) no longer works. I looked in the squid logs and see that it appears to be attempting to reach the giphy api but fails with:
STATUS Address (Destination remains blank with a -)
TAG_NONE/409 api.giphy.com:443
The interesting part is that the port is appended to the api call (:443) which would imply an SSL connection, yet I've not set up squid to intercept/MITM the SSL traffic. I've tried to whitelist the api.giphy.com domain in the ACL page but that has no effect. Googling around a bit revealed that error 409 is URI Host Conflict - I looked into 409 (http://www.squid-cache.org/Doc/config/host_verify_strict/) and saw reference to RFC2616 which is referenced in the General tab in the squid setup (Disable VIA Header). Enabling/disabling does nothing here either.
To make sure it's squid, I toggle it on/off and the giphy integration works when the proxy is off. Has anyone else seen this/similar behavior?
-
It is intercepting just fine. Recently discussed in the proper forum. If things break, use the manual config, or don't MITM.
-
Apologies if I wasn't clear in my post - I am not implementing MITM and have never enabled it. It would appear that while all other SSL traffic bypasses the proxy just fine (as intended), this one API call with the :443 appended may indeed be SSL but is attempting to go through the proxy.
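A way to triage the kind of log entry quoted in the first post, as an added example that is not part of any post in this thread: it scans Squid access.log lines for 409 responses that Squid generated itself (hierarchy field `HIER_NONE/-`, the blank destination described above) and groups them by client and target. It assumes Squid's default native log format; the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed layout: Squid's default native access.log format
# time elapsed client code/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)$"
)

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE_LOG = """\
1500000000.101    212 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/ - ORIGINAL_DST/198.51.100.7 text/html
1500000001.202      0 192.0.2.10 TAG_NONE/409 4045 CONNECT api.giphy.com:443 - HIER_NONE/- text/html
1500000002.303   9001 192.0.2.10 TCP_TUNNEL/200 7300 CONNECT example.org:443 - ORIGINAL_DST/198.51.100.9 -
1500000003.404      0 192.0.2.10 TAG_NONE/409 4045 CONNECT api.giphy.com:443 - HIER_NONE/- text/html
1500000004.505      0 192.0.2.11 TAG_NONE/409 3990 GET http://example.net/x - HIER_NONE/- text/html
this line is not in access.log format
"""

def find_host_conflicts(lines):
    """Count proxy-generated 409 replies per (client, host, port)."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        # 409 with no upstream peer: the request was rejected by the
        # proxy itself and never reached the destination server.
        if m["status"] != "409" or m["peer"] != "-":
            continue
        url = m["url"]  # "host:port" for CONNECT, full URL otherwise
        parts = urlsplit(url if "://" in url else "//" + url)
        hits[(m["client"], parts.hostname, str(parts.port or 80))] += 1
    return hits

if __name__ == "__main__":
    for (client, host, port), n in find_host_conflicts(SAMPLE_LOG.splitlines()).items():
        print(f"{n} x 409 from {client} to {host}:{port}")
```
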