[Bro] HTTPS Decryption

Osama Elnaggar oelnaggar04 at gmail.com
Fri Jun 9 20:15:28 PDT 2017

Thanks Johanna.  But I was actually looking at the use case where you
terminated PFS at a load balancer (or other device at the perimeter) and
used upstream SSL (non PFS) to the backend servers.

Would it be possible to forward SSL packets to viewssld -
https://github.com/plashchynski/viewssld - and then back to Bro?


Osama Elnaggar

On June 10, 2017 at 1:04:05 PM, Johanna Amann (johanna at icir.org) wrote:

On Fri, Jun 09, 2017 at 07:23:53PM -0700, Osama Elnaggar wrote:
> I noticed the issue of decrypting HTTPS was mentioned several times over
> the years (with the last time back in 2015 I think -
> http://mailman.icsi.berkeley.edu/pipermail/bro/2015-June/008568.html) and
> was wondering if this feature was ever added or if anyone was able to
> successfully implement it.

No, not to my knowledge. There were several people who wanted to implement
it over the years - if someone did it, they never open-sourced it.

That being said - due to the prevalence of perfectly forward secure
ciphers, TLS decryption is not really an option anymore in most use-cases.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170609/b6365131/attachment.html 

More information about the Bro mailing list