[Bro] Bro communication via SSL
Martin Holste
mcholste at gmail.com
Tue Jun 21 06:32:29 PDT 2011
I second this idea. No encryption would help a lot and cut down on
compile requirements. It can also make debugging easier. To achieve
confidentiality, I wire all my NMS together using OpenVPN so they have
their own private network, though stunnel would work just fine as
you've pointed out.
On Tue, Jun 21, 2011 at 8:20 AM, Robin Sommer <robin at icir.org> wrote:
> Hi all,
>
> I'd like to understand to which degree folks are currently using Bro's
> built-in support for doing Bro-to-Bro or Bro-to-Broccoli communication
> via SSL.
>
> My hunch is that not many installations are using this, though I know
> a few that do (note that if you haven't configured SSL specifically,
> you are not using it :-).
>
> Those who do use SSL for Bro communication, would it be an option to
> replace it with something externally like stunnel?
>
> I'm asking because we're planing to rework the communication layer
> quite a bit. Not only has supporting SSL directly been quite a pain in
> the past, but we'd also be more flexbile in terms of leveraging
> external libraries if SSL were not crucial.
>
> Robin
>
> --
> Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
> ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
More information about the Bro
mailing list