Feature #4123

open

Task #4122: tracking: handle various TLS decrypt headers in proxies and decryption tools

Research: handle different flow tuples in TLS decrypt

Added by Victor Julien about 4 years ago. Updated 5 months ago.

Status: New
Priority: Normal
Target version:
Effort:
Difficulty:
Label:

Description

Decrypted TLS traffic with special headers indicating the original tuple (see for example #2513) poses a challenge wrt tuple handling.

Rules looking at IP addresses might not work as expected, ip and port vars may be off.

This could perhaps be handled similarly to how encapsulation on the IP level is handled: by tracking both tuples separately.
