<div dir="ltr"><div dir="ltr"><div>Nothing personal Coop, just seems odd when people talk about <i>vendors </i>in an open source project.</div><div><br></div><div>Like saying go to Bluecoat in a squid forum.</div><div><br></div><div>Michal is right, the way to do it is to send Suricata decrypted traffic.</div><div><br></div><div>Look at the work of Sonertari with SSLproxy, also MiTMproxy and Python.</div><div>
<h3 class="gmail-iw"><span style="font-weight:normal"><a href="https://github.com/sonertari/SSLproxy">https://github.com/sonertari/SSLproxy</a></span></h3><div>And if you are anywhere between NYC and Toronto, I'll set you up with an open source solution to inspect encrypted traffic.</div><div><br></div><div>No black box.<br></div><div><br></div><div>Cheers.</div><div><br></div><div>F.<br></div>

</div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, Nov 1, 2018 at 3:53 PM Cooper F. Nelson &lt;<a href="mailto:cnelson@ucsd.edu" target="_blank">cnelson@ucsd.edu</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div text="#000000" bgcolor="#FFFFFF">
    <p>Not currently.</p>
    <p>Some vendors are starting to sell switched taps that have this
      functionality, however. <br>
    </p>
    <p>-Coop<br>
    </p>
    <br>
    <div class="m_-2563642172088830663m_-5741674207954532151moz-cite-prefix">On 11/1/2018 12:50 PM, Jordon Carpenter
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      
      <div id="m_-2563642172088830663m_-5741674207954532151bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;margin:0px;line-height:auto">Is
        suricata able to fully decrypt SSL if it has the appropriate
        keys?</div>
      <br>
      <div id="m_-2563642172088830663m_-5741674207954532151bloop_sign_1541101735918635008" class="m_-2563642172088830663m_-5741674207954532151bloop_sign"><span style="color:rgb(34,34,34);font-variant-ligatures:normal;font-size:14px;font-family:roboto,sans-serif"><strong><span style="color:rgb(0,0,0)">Thanks,<br>
              Jordon Carpenter</span></strong></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal">
        <span style="font-variant-ligatures:normal;font-size:12px;font-family:roboto,sans-serif"><a href="https://www.rooksecurity.com/" style="color:rgb(0,0,0)" target="_blank">Rook
            Security</a></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal">
        <span style="color:rgb(34,34,34);font-variant-ligatures:normal;font-size:12px;font-family:roboto,sans-serif"><em><span style="color:rgb(0,0,0)">Anticipate, Manage, &
              Eliminate Threats</span></em></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal">
        <br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal">
        <span style="font-variant-ligatures:normal;font-size:12px;font-family:roboto,sans-serif">O: <a href="tel:%28888%29%20712-9531" value="+18887129531" style="color:rgb(17,85,204)" target="_blank">888.712.9531 x734</a></span><br style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px;font-variant-ligatures:normal">
        <span style="font-variant-ligatures:normal;font-size:12px;font-family:calibri,sans-serif"><span style="font-family:roboto,sans-serif">E: <a href="mailto:jordon.carpenter@rooksecurity.com" style="color:rgb(17,85,204)" target="_blank">jordon.carpenter@rooksecurity.com</a><br>
          </span></span></div>
      <br>
      <br>
      <pre>_______________________________________________
Suricata IDS Users mailing list: <a class="m_-2563642172088830663m_-5741674207954532151moz-txt-link-abbreviated" href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a>
Site: <a class="m_-2563642172088830663m_-5741674207954532151moz-txt-link-freetext" href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a class="m_-2563642172088830663m_-5741674207954532151moz-txt-link-freetext" href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a>
List: <a class="m_-2563642172088830663m_-5741674207954532151moz-txt-link-freetext" href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a>

Conference: <a class="m_-2563642172088830663m_-5741674207954532151moz-txt-link-freetext" href="https://suricon.net" target="_blank">https://suricon.net</a>
Trainings: <a class="m_-2563642172088830663m_-5741674207954532151moz-txt-link-freetext" href="https://suricata-ids.org/training/" target="_blank">https://suricata-ids.org/training/</a></pre>
    </blockquote>
    <br>
    <pre class="m_-2563642172088830663m_-5741674207954532151moz-signature" cols="72">-- 
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
<a class="m_-2563642172088830663m_-5741674207954532151moz-txt-link-abbreviated" href="mailto:cnelson@ucsd.edu" target="_blank">cnelson@ucsd.edu</a> x41042</pre>
  </div>

</blockquote></div>