[Bro] HTTPS Decryption
oelnaggar04 at gmail.com
Fri Jun 9 20:15:28 PDT 2017
Thanks Johanna. But I was actually looking at the use case where you
terminated PFS at a load balancer (or other device at the perimeter) and
used upstream SSL (non PFS) to the backend servers.
Would it be possible to forward SSL packets to viewssld -
https://github.com/plashchynski/viewssld - and then back to Bro?
On June 10, 2017 at 1:04:05 PM, Johanna Amann (johanna at icir.org) wrote:
> On Fri, Jun 09, 2017 at 07:23:53PM -0700, Osama Elnaggar wrote:
> > I noticed the issue of decrypting HTTPS was mentioned several times over
> > the years (with the last time back in 2015 I think -
> > http://mailman.icsi.berkeley.edu/pipermail/bro/2015-June/008568.html) and
> > was wondering if this feature was ever added or if anyone was able to
> > successfully implement it.
>
> No, not to my knowledge. There were several people who wanted to implement
> it over the years - if someone did it, they never open-sourced it.
>
> That being said - due to the prevalence of perfectly forward secure
> ciphers, TLS decryption is not really an option anymore in most use-cases.