Signal App only working if SNI enabled

Started by ruggerio, February 01, 2021, 08:40:44 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 01, 2021, 08:40:44 AM Last Edit: February 01, 2021, 08:43:25 AM by ruggerio
Hello,

I have an old tablet, which i would like to have SSL Inspection enabled. But this will not work for Signal, even if .whispersystems.org and .signal.org are inserted into no ssl bump sites.

It still reclams the certificate, e.g.:
kid1| ERROR: negotiating TLS on FD 30: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (1/-1/0)

Does anybody know, how i can handle Signal having ssl inspection enabled? Btw. the proxy is not transparent.
March 09, 2023, 09:17:56 AM #1
Signal is using certificate pinning and also highly customized TLS traffic, so SSL No Bump doesn't work.
If you really need full SSL Inspection enable Censorship circumvention within iOS/Android application to allow Signal to work. Not sure if it's possible with Signal Desktop.
Mike 
Print
Go Up Pages1
User actions