[Bro] HTTPS Decryption

Johanna Amann johanna at icir.org
Fri Jun 9 20:04:03 PDT 2017


On Fri, Jun 09, 2017 at 07:23:53PM -0700, Osama Elnaggar wrote:
> I noticed the issue of decrypting HTTPS was mentioned several times over
> the years (with the last time back in 2015 I think -
> http://mailman.icsi.berkeley.edu/pipermail/bro/2015-June/008568.html) and
> was wondering if this feature was ever added or if anyone was able to
> successfully implement it.

No, not to my knowledge. There were several people who wanted to implement
it over the years - if someone did it, they never open-sourced it.

That being said - due to the prevalence of perfectly forward secure
ciphers, TLS decryption is not really an option anymore in most use-cases.

Johanna


More information about the Bro mailing list