Closed Stealthii closed 7 years ago
The good news is that qcacher does not block or interfere with Nintendo Switch online services.
The bad news - Nintendo have moved solely to HTTPS for online content delivery (their servers don't even listen or serve on HTTP port 80 at all). They are also not using public certificate authentication - it would seem they have their own private certificate authority, that the Switch will have stored within the firmware in order to validate their own certificates.
So far I can't even connect to these without verification, so it would seem they are doing client-side validation as well, which is interesting. Not that this would help us, but in the end it means we can't cache Switch's online CDN, not now or likely ever in the future.
This isn't a major problem as Switch content will be the least of our worries on a LAN gaming network (mostly game updates or firmware downloads would be the bulk of what we would see), but it's a shame nevertheless.
Example of a Super Bomberman R update download:
```
unbound_1 | [1493573053] unbound[1:0] info: 192.168.86.105 atum.hac.lp1.d4c.nintendo.net. A IN
sniproxy_1 | 2017-04-30 17:26:27 192.168.86.105:27672 -> 0.0.0.0:443 -> 2.22.108.251:443 [atum.hac.lp1.d4c.nintendo.net] 557471437/557471437 bytes tx 4277/4277 bytes rx 134.474 seconds
```
A list of Nintendo certificates used on their new online service: https://www.threatminer.org/ssls.php?q=nintendo%20co.&t=14
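An added example, not from the original post or the qcacher project: because these HTTPS connections can only be passed through by SNI hostname, the sniproxy log is where the uncacheable volume becomes visible. This Python script parses sniproxy lines in the format shown above and totals bytes per hostname; the `updates.example.net` lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# sniproxy connection-log layout as shown in the issue; the leading
# "service | " prefix is added by docker-compose and is optional here.
LINE_RE = re.compile(
    r"^(?:\S+\s*\|\s*)?"
    r"(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<client>[0-9.]+):\d+ -> \S+ -> (?P<upstream>[0-9.]+):(?P<port>\d+) "
    r"\[(?P<sni>[^\]]+)\] "
    r"(?P<tx>\d+)/\d+ bytes tx (?P<rx>\d+)/\d+ bytes rx "
    r"(?P<seconds>[0-9.]+) seconds\s*$"
)

def parse_line(line):
    """Return a dict for a sniproxy connection line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("port", "tx", "rx"):
        rec[key] = int(rec[key])
    rec["seconds"] = float(rec["seconds"])
    return rec

def summarize(lines):
    """Aggregate pass-through volume per SNI hostname, largest first."""
    totals = defaultdict(lambda: {"connections": 0, "bytes": 0, "seconds": 0.0})
    for rec in filter(None, map(parse_line, lines)):
        t = totals[rec["sni"]]
        t["connections"] += 1
        t["bytes"] += rec["tx"] + rec["rx"]  # both counters, as labelled in the log
        t["seconds"] += rec["seconds"]
    return sorted(totals.items(), key=lambda kv: kv[1]["bytes"], reverse=True)

SAMPLE = [
    # First two lines are from the issue; the last two are constructed.
    "unbound_1 | [1493573053] unbound[1:0] info: 192.168.86.105 atum.hac.lp1.d4c.nintendo.net. A IN",
    "sniproxy_1 | 2017-04-30 17:26:27 192.168.86.105:27672 -> 0.0.0.0:443 -> 2.22.108.251:443 [atum.hac.lp1.d4c.nintendo.net] 557471437/557471437 bytes tx 4277/4277 bytes rx 134.474 seconds",
    "sniproxy_1 | 2017-04-30 17:30:02 192.168.86.106:40112 -> 0.0.0.0:443 -> 203.0.113.10:443 [updates.example.net] 1048576/1048576 bytes tx 512/512 bytes rx 2.000 seconds",
    "sniproxy_1 | 2017-04-30 17:31:10 192.168.86.106:40113 -> 0.0.0.0:443 -> 203.0.113.10:443 [updates.example.net] 2097152/2097152 bytes tx 512/512 bytes rx 3.500 seconds",
]

if __name__ == "__main__":
    for host, t in summarize(SAMPLE):
        rate = t["bytes"] / t["seconds"] if t["seconds"] else 0.0
        print(f"{host}: {t['connections']} conn, {t['bytes']} bytes, {rate / 1e6:.2f} MB/s")
```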
With the release of the Nintendo Switch, online services are likely to have changed for this console. We need to confirm: