Task #4123: Research: handle different flow tuples in TLS decrypt - Suricata - Open Information Security Foundation

Actions

Copy link

Task #4123

open

VJ VJ

Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools

Research: handle different flow tuples in TLS decrypt

Task #4123: Research: handle different flow tuples in TLS decrypt

Added by Victor Julien over 5 years ago. Updated 14 days ago.

Status:

In Progress

Priority:

Normal

Assignee:

Victor Julien

Target version:

TBD

Effort:

Difficulty:

Label:

Description

Decrypted TLS traffic with special headers indicating the original tuple (see for example #2513) poses a challenge wrt tuple handling.

Rules looking at IP addresses might not work as expected, ip and port vars may be off.

This could perhaps be handled similar to how encapsulation on the IP level is handled: by tracking both tuples separately.

History
Notes
Property changes

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Task #4123

Research: handle different flow tuples in TLS decrypt

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
#1

JI Updated by Jason Ish 7 months ago Actions
Copy link
#2

VJ Updated by Victor Julien 14 days ago Actions
Copy link
#3

Project

General

Profile

Suricata

Custom queries

Task #4123

Research: handle different flow tuples in TLS decrypt

PA Updated by Philippe Antoine almost 2 years ago ActionsCopy link #1

JI Updated by Jason Ish 7 months ago ActionsCopy link #2

VJ Updated by Victor Julien 14 days ago ActionsCopy link #3

PA Updated by Philippe Antoine almost 2 years ago Actions
Copy link
#1

JI Updated by Jason Ish 7 months ago Actions
Copy link
#2

VJ Updated by Victor Julien 14 days ago Actions
Copy link
#3