Why DropBox application does not work with SSL Bump?¶
After I enable HTTPS filtering (SSL Bump) on Squid the DropBox client application stops working. Why?
The DropBox application uses SSL Certificate Pinning, it means the application knows what certificate to expect when accessing remote DropBox servers. When you enable SSL Bump of HTTPS connections Squid replaces the default certificate with a ‘mimicked’ one; the application detects that and refuses to function.
In order to exclude DropBox from HTTPS filtering add the following domain name to UI / Squid / Exclusions / Domain Name. Click ‘Save and Restart’ green button in the top right corner afterwards. These exclusions should work both in explicit proxy and WCCP transparent redirection deployment scenarios.
.dropbox.com .dropboxstatic.com .dropboxapi.com