Thanks for the info, Rafael. Stan
On Mon, Aug 31, 2015 at 11:39 PM, Rafael Akchurin < rafael.akchu...@diladele.com> wrote: > The SSL pinning means dropbox application does know the fingerprint of the > certificate of the connection out-of-band and will simply refuse to work > with another (even trusted one). > > It is not possible to change this behaviour without recompiling unless > developers of dropbox has some "managed" mode... > > See http://docs.diladele.com/faq/squid/dropbox.html > > Best regards, > Rafael > > Op 1 sep. 2015 om 00:55 heeft Stanford Prescott <stan.presc...@gmail.com> > het volgende geschreven: > > Yes, SSLBump still works with the web apps, but it would be a lot more > convenient if the mobile apps would also work. > > Does anyone know how to pin Squid's self-signed certificate's public key > to Googledrive and Dropbox so that it would work with SSLBump enabled? > > Stan > > On Mon, Aug 31, 2015 at 3:29 PM, Yuri Voinov <yvoi...@gmail.com> wrote: > >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> BTW, GoogleDrive web application still works with bump. Use it, Luke ;) >> >> 01.09.15 2:21, Jason Haar пишет: >> > On 01/09/15 02:59, Shane King wrote: >> >> Accessing via the browser may work but the sync clients that sit in >> >> the system tray use certificate pinning I believe. So if certificate >> >> pinning is being used, ssl bumping will not work. You will see an >> >> alert message in the pcap followed by a connection termination. >> > >> > This stopped working for me last week - I suspect there was an update or >> > something >> > >> > Really frustrating: one of the primary reasons I want to do TLS >> > intercept is to AV all the viruses published on dropbox!!! >> > >> > If the Cloud providers go full pinning, the future of TLS Intercept is >> bleak >> > >> > >> > >> > >> > _______________________________________________ >> > squid-users mailing list >> > squid-users@lists.squid-cache.org >> > http://lists.squid-cache.org/listinfo/squid-users >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v2 >> >> iQEcBAEBCAAGBQJV5LkrAAoJENNXIZxhPexGH9oH/AyK089Jek7yb/YPB16jAKPJ >> LnKgKPQ4r8lu3wm5o4JuOXF6mun79fGVW9dymB5rasTJlHiCHrvXEK4G2KqyRg3B >> 57TdvHuLhHr+IE0jcpMpk6n/pbdHzYJwkbplTd9HNApw+/LJpfxXVzQZsspJJC58 >> e12pMXL+i5Dv2vEYLEeySVnDN0mtuBdxD7lxDWFDFDbfBZvoGHEptOQYR3lelEet >> xEIds+sNYrjYPK8a9BuiKSK0IqQ5mxhsbUIg4Z7LxyKv3+sTV+aW3HMdKkMoc5t8 >> bPCHec1eIxU7p9lgyKGn2HXtV1WQ5MAeOuI9YHGqdeSfgCPfT1wYF2imiHC9ez8= >> =2wPb >> -----END PGP SIGNATURE----- >> >> >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> >> > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
