Project

General

Profile

Actions
Copy link

Feature #4123

open

Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools

Research: handle different flow tuples in TLS decrypt

Added by Victor Julien over 3 years ago. Updated about 1 month ago.

Status:
New
Priority:
Normal
Assignee:
OISF Ticketbot
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Decrypted TLS traffic with special headers indicating the original tuple (see for example #2513) poses a challenge wrt tuple handling.

Rules looking at IP addresses might not work as expected, ip and port vars may be off.

This could perhaps be handled similar to how encapsulation on the IP level is handled: by tracking both tuples separately.

Actions
Copy link
 #1

Updated by Philippe Antoine about 1 month ago

  • Assignee set to OISF Ticketbot
  • Target version set to TBD
Actions
Copy link

Also available in: Atom PDF