Squid + SSL Splice All + Office365

  • Hi everybody!

    I'm looking to implement Squid + transparent proxy SSL interception (splice all to squidguard) in one of my remote sites. That works great for most websites but we recently saw that office365 does not like it. We don't use o365 ourselves, but we do receive encrypted emails from other organizations that utilize the service. When trying to access the link they send us, Chrome simply returns ERR_SSL_PROTOCOL_ERROR.

    I've attempted using the custom configuration noted in the advanced options to bypass splicing completely for office365.com with the below options. Now the client simply spins trying to make the connection. I suspect this is the right path, but I need additional domains or configuration to get it to work. Has anyone been successful using o365 with the splice all configuration?

    # some banking sites that should not be MITM-ed
    acl serverIsBank ssl::server_name .office365.com
    acl serverIsBank ssl::server_name .microsoftonline.com
    # get SNI obtained by parsing TLS Client Hello during step2
    # (which is instructed by ssl_bump peek step1)
    ssl_bump peek step1
    # bump monitored sites, but not banks
    ssl_bump bump monitoredSites !serverIsBank
    # splice all the rest
    ssl_bump splice all 

  • Apologies, I meant to put this in the Cache/Proxy sub forum. Can this be moved to the appropriate forum please?


  • Hi, same issue but different sites (some bank sites or login.yahoo.com, mail.google.com). My config is splice all with all options selected; sometimes error with ERR_SSL_PROTOCOL_ERROR on Chrome.
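
An added example (not from the thread's participants or the Squid project): a Python check for the configuration lines in the first post. It lists ACL names that the ssl_bump rules use but the posted lines do not define, and shows which observed TLS server names the serverIsBank ACL would not match, assuming dstdomain-style matching where a leading dot covers the domain and its subdomains. The OBSERVED names and all function names are constructed for illustration.

```python
# Configuration lines as posted in the first message of this thread.
POSTED_CONF = """\
acl serverIsBank ssl::server_name .office365.com
acl serverIsBank ssl::server_name .microsoftonline.com
ssl_bump peek step1
ssl_bump bump monitoredSites !serverIsBank
ssl_bump splice all
"""

def parse(conf):
    """Return ({acl name: [ssl::server_name values]}, [(action, [acl refs])])."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 3 and tok[0] == "acl":
            values = acls.setdefault(tok[1], [])  # any acl type counts as defined
            if tok[2] == "ssl::server_name":
                values.extend(t.lower() for t in tok[3:])
        elif len(tok) >= 2 and tok[0] == "ssl_bump":
            rules.append((tok[1], [t.lstrip("!") for t in tok[2:]]))
    return acls, rules

def undefined_acls(conf, predefined=("all",)):
    """ACL names used by ssl_bump rules but not defined in this text."""
    acls, rules = parse(conf)
    used = {a for _, refs in rules for a in refs}
    return sorted(used - set(acls) - set(predefined))

def domain_match(pattern, name):
    """Assumed dstdomain-style rule: '.x.com' matches x.com and any subdomain."""
    name = name.lower().rstrip(".")
    if pattern.startswith("."):
        return name == pattern[1:] or name.endswith(pattern)
    return name == pattern

def uncovered(conf, acl, names):
    """Observed server names that the given ACL would not match."""
    patterns = parse(conf)[0].get(acl, [])
    return [n for n in names if not any(domain_match(p, n) for p in patterns)]

# Constructed sample of SNI values, e.g. as read from a packet capture.
OBSERVED = ["outlook.office365.com", "login.microsoftonline.com",
            "office365.com.example.net", "static.example.org"]

if __name__ == "__main__":
    print("undefined in snippet:", undefined_acls(POSTED_CONF))
    print("not matched:", uncovered(POSTED_CONF, "serverIsBank", OBSERVED))
```

Names reported as undefined (here monitoredSites and step1) have to be defined elsewhere in the running squid.conf; pass them in `predefined` if they are.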
