
How does Suricata handle encrypted traffic?


mfpck:
What about JA3 and JA3S fingerprinting, or does this just come with Sensei?

mimugmail:
It can work with it, but this is the part which is not yet encrypted.

mfpck:
+ Is this still the state?


It's not supported. Suricata uses fingerprinting on encrypted traffic. The packets are not opened, thus MITM is not happening. In order to open encrypted traffic, i.e. Squid, the software would need a certificate authority and have it installed on the computer accessing it. However, Suricata does not have an area to instruct it to utilize a certificate authority.

ref.
https://forum.opnsense.org/index.php?topic=22772.0
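
Added example, not part of the thread and not Suricata's own code: a minimal JA3 computation showing that the fingerprint is derived only from the cleartext ClientHello, so nothing is decrypted. The field order follows the public JA3 definition; the ClientHello bytes and the server name `example.test` are constructed for illustration.

```python
import hashlib
import struct

GREASE = {0x0A0A + 0x1010 * i for i in range(16)}  # RFC 8701 values, skipped by JA3

def u16_list(buf):
    return [v for (v,) in struct.iter_unpack("!H", buf) if v not in GREASE]

def ja3_from_client_hello(rec):
    """Return (ja3_string, md5_hex) for a TLS record holding one ClientHello."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS handshake ClientHello")
    p = 9                                    # record header (5) + handshake header (4)
    version = struct.unpack_from("!H", rec, p)[0]
    p += 2 + 32                              # client version + random
    p += 1 + rec[p]                          # session id
    n = struct.unpack_from("!H", rec, p)[0]
    ciphers = u16_list(rec[p + 2:p + 2 + n])
    p += 2 + n
    p += 1 + rec[p]                          # compression methods
    exts, curves, formats = [], [], []
    end = p + 2 + struct.unpack_from("!H", rec, p)[0] if p < len(rec) else p
    p += 2
    while p + 4 <= end:
        etype, elen = struct.unpack_from("!HH", rec, p)
        body = rec[p + 4:p + 4 + elen]
        p += 4 + elen
        if etype in GREASE:
            continue
        exts.append(etype)
        if etype == 10:                      # supported_groups
            curves = u16_list(body[2:])
        elif etype == 11:                    # ec_point_formats
            formats = list(body[1:])
    parts = ["-".join(map(str, f)) for f in (ciphers, exts, curves, formats)]
    ja3 = ",".join([str(version)] + parts)
    return ja3, hashlib.md5(ja3.encode()).hexdigest()

def sample_client_hello():
    """Constructed ClientHello for this example (not captured traffic)."""
    ext = lambda t, b: struct.pack("!HH", t, len(b)) + b
    sni = b"example.test"                    # server name travels in cleartext
    exts = (ext(0, struct.pack("!HBH", len(sni) + 3, 0, len(sni)) + sni)
            + ext(10, struct.pack("!HHH", 4, 29, 23)) + ext(11, b"\x01\x00"))
    body = (b"\x03\x03" + bytes(33) + struct.pack("!HHH", 4, 0x1301, 0xC02F)
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

print(ja3_from_client_hello(sample_client_hello()))
```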
