Project

General

Profile

Actions

Feature #4123

open

Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools

Research: handle different flow tuples in TLS decrypt

Added by Victor Julien over 3 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
Effort:
Difficulty:
Label:

Description

Decrypted TLS traffic with special headers indicating the original tuple (see for example #2513) poses a challenge wrt tuple handling.

Rules looking at IP addresses might not work as expected, ip and port vars may be off.

This could perhaps be handled similar to how encapsulation on the IP level is handled: by tracking both tuples separately.

No data to display

Actions

Also available in: Atom PDF