How does Suricata handle encrypted traffic?
mfpck:
What about JA3 and JA3S fingerprinting, or does this just come with Sensei?
mimugmail:
It can work with it, but this is the part which is not yet encrypted.
mfpck:
Is this still the state?
It's not supported. Suricata uses fingerprinting on encrypted traffic. The packets are not opened, thus MITM is not happening. In order to open encrypted traffic, i.e. Squid, the software would need a certificate authority and have it installed on the computer accessing it. However, Suricata does not have an area to instruct it to utilize a certificate authority.
ref.
https://forum.opnsense.org/index.php?topic=22772.0