[Oisf-users] Decrypt ssl sessions

Robert Vineyard robert.vineyard at oit.gatech.edu
Mon Nov 21 15:18:45 UTC 2011


On 11/21/2011 10:10 AM, carlopmart wrote:
> Thanks Robert. For me, if a firewall can do it, that is sufficient. But
> what I do not know is whether it is possible to do it with iptables-based
> firewalls, BSD, etc ...

carlopmart,

To be clear, I was referring to so-called "next-generation"
application-layer firewalls such as those offered by companies like Palo
Alto and Imperva. This type of functionality is generally not possible with
traditional network/transport-layer packet-filtering firewalls such as
iptables or ipfw.

Also, the scenario I described is a much easier problem to solve than the
general case of decrypting arbitrary SSL traffic. My solution only works if
the IDS has the private keys necessary to decrypt the traffic, which you
would be in a position to have if you also control the servers you're
looking to protect...

--
Robert Vineyard, CISSP, RHCE
Senior Information Security Engineer
Georgia Tech Office of Information Technology
404.385.6900 (office/cell) / 404.894.9548 (fax)


