
I have just set up Squid Server 3.5.26 on Ubuntu 16.04.2 LTS, configured with SSL-bump. HTTP and HTTPS are working fine, but any web service that requires WebSockets fails, for example, a speed test.

I have added the following lines to my squid configuration in an attempt to force a direct connection and prevent SSL caching for web socket connections.

#Temporarily allow all connections for debugging
http_access allow all

acl bump-bypass dstdomain 192.168.0.245 .speedtest.net
# URL contains ws (most web socket URLs do)
acl ssl-web-sockets SSL::server_name_regex \/ws

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump splice bump-bypass ssl-web-sockets tcp-web-sockets

#I read that there was a bug in bump that required ! explicitly
#for splice to work for web sockets
ssl_bump bump !ssl-web-sockets all

#just bump all doesn't work either
#ssl_bump bump all

If I disable ssl-bump and don't decrypt encrypted traffic everything works fine.

How can I configure squid to allow direct web socket connection?

Update

Updated to Squid Server 4.0.21 and added to config:

on_unsupported_protocol tunnel all 

The documentation says this should allow TCP tunnel connections.

Sadly, this did not fix the issue either; I am still getting the WebSocket error:

Connection closed before receiving a handshake response
maxhap
  • Squid doesn't support websocket natively, only through CONNECT tunnel, which your client has to be aware of -- which it won't be if you are MITMing connections. – lotyrin Feb 27 '18 at 21:55
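
An added example, not part of the original post or comment and not the Squid project's own configuration: the posted splice rule next to one that can match. It relies on two Squid behaviours: all ACLs on one `ssl_bump` line must match, and the `ssl::server_name` ACL types compare against the server name (CONNECT host, TLS SNI, certificate subject), never the URL path. The ACL name `ws_splice_hosts` is hypothetical; the domain is the one from the question.

```conf
# --- As posted: the splice rule cannot match ---
# Every ACL on an ssl_bump line has to match (logical AND):
#   * ssl-web-sockets uses the regex \/ws, but a server name
#     (SNI / certificate name) never contains "/"
#   * tcp-web-sockets is not defined in the posted config
# so every connection falls through to the bump rule.
#
# ssl_bump splice bump-bypass ssl-web-sockets tcp-web-sockets

# --- Alternative: choose the hosts to leave undecrypted by server name ---
acl step1 at_step SslBump1

# Hypothetical ACL name; list the WebSocket endpoints the clients need.
acl ws_splice_hosts ssl::server_name .speedtest.net

# Step 1: read the TLS ClientHello (SNI) without committing to bump.
ssl_bump peek step1

# Listed hosts are passed through as an opaque TCP tunnel.
ssl_bump splice ws_splice_hosts

# Everything else is still decrypted.
ssl_bump bump all
```

Spliced connections are not decrypted, so they bypass content inspection and any URL-based policy; keep the list as short as the clients allow. WebSocket endpoints on hosts outside the list are still bumped.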

0 Answers