[Oisf-users] Analysis of SSL-decrypted traffic

Federico Foschini undicizeri at gmail.com
Tue Feb 25 16:53:59 UTC 2020

I’ve configured my firewall to mirror SSL-decrypted traffic to a server on
which I’m running Suricata 5.0.

I cannot trigger any alert on this type of traffic, even though with Zeek or
Wireshark I can clearly see that the traffic is HTTP (but on port 443).

In suricata.yaml I’ve added port 443 to the HTTP_PORTS variable:

    HTTP_PORTS: "[80,81,311,383, 443, ...]"

Is this setting enough?
Is it possible that this setting conflicts with this one in the app-layer section?

      enabled: yes
        dp: 443

Federico Foschini.
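A way to separate the two things the question mixes (Suricata's own configuration versus the mirrored traffic it receives) is to replay a known-good capture with `suricata -r`. The script below is an added example written for this thread; it is not code from the original post or from the Suricata project. It builds a pcap containing a complete TCP handshake and one cleartext HTTP request/response on tcp/443, with valid IP and TCP checksums, and writes two test rules: one `alert http` rule with ports `any`, which depends only on Suricata's app-layer protocol detection, and one `alert tcp` rule on `$HTTP_PORTS`, which only fires if 443 is in that variable. All addresses, MACs, ports, sequence numbers, SIDs and file names are constructed for the example.

```python
"""Offline check for this thread: does Suricata see cleartext HTTP arriving on tcp/443?
Added example, not code from the original post or from the Suricata project.
Writes a pcap (handshake + one HTTP request/response on port 443) and two test
rules. Addresses, MACs, ports, ISNs, file names and SIDs are constructed."""
import itertools
import struct

CLIENT_IP, SERVER_IP = "10.0.0.10", "10.0.0.20"      # constructed endpoints
CLIENT_PORT, SERVER_PORT = 40000, 443
CLIENT_MAC, SERVER_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SYN, FIN, ACK, PSH = 0x02, 0x01, 0x10, 0x08
HTTP_REQUEST = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
                b"User-Agent: pcap-test\r\nConnection: close\r\n\r\n")
HTTP_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                 b"Content-Length: 2\r\nConnection: close\r\n\r\nok")
# sid 1000001 depends only on app-layer protocol detection (ports "any");
# sid 1000002 depends on the $HTTP_PORTS variable in suricata.yaml.
RULES = (
    'alert http any any -> any any (msg:"TEST HTTP on tcp/443 via app-layer detection"; '
    'flow:to_server,established; content:"GET"; http_method; sid:1000001; rev:1;)\n'
    'alert tcp any any -> any $HTTP_PORTS (msg:"TEST GET to a port in $HTTP_PORTS"; '
    'flow:to_server,established; content:"GET /"; depth:5; sid:1000002; rev:1;)\n'
)
_ip_id = itertools.count(0x1000)

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; odd length is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def _addr(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def tcp_segment(src, dst, sport, dport, seq, ack, flags, payload=b"") -> bytes:
    """IPv4 + TCP (no options) with valid checksums. Suricata validates checksums
    by default (stream.checksum-validation) and ignores segments that fail."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    pseudo = _addr(src) + _addr(dst) + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload) or 0xFFFF) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     next(_ip_id), 0x4000, 64, 6, 0, _addr(src), _addr(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp + payload

def tcp_checksum_ok(ip_packet: bytes) -> bool:
    """Receiver-side check: pseudo-header + segment (checksum field included) sums to 0."""
    ihl = (ip_packet[0] & 0x0F) * 4
    segment = ip_packet[ihl:struct.unpack("!H", ip_packet[2:4])[0]]
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return checksum(pseudo + segment) == 0

def _frame(to_server: bool, seq, ack, flags, payload=b"") -> bytes:
    """Ethernet II frame (type 0x0800) around one IPv4/TCP segment."""
    if to_server:
        smac, dmac, src, dst, sp, dp = CLIENT_MAC, SERVER_MAC, CLIENT_IP, SERVER_IP, CLIENT_PORT, SERVER_PORT
    else:
        smac, dmac, src, dst, sp, dp = SERVER_MAC, CLIENT_MAC, SERVER_IP, CLIENT_IP, SERVER_PORT, CLIENT_PORT
    return dmac + smac + b"\x08\x00" + tcp_segment(src, dst, sp, dp, seq, ack, flags, payload)

def build_session() -> list:
    """3-way handshake, request, response, FIN teardown. The handshake matters: with
    the default stream.midstream=no, Suricata does not track a flow whose SYN it
    never saw, a common reason mirrored traffic produces no alerts."""
    c, s = 1000, 5000                                   # constructed ISNs
    req, rsp = len(HTTP_REQUEST), len(HTTP_RESPONSE)
    return [
        _frame(True, c, 0, SYN),
        _frame(False, s, c + 1, SYN | ACK),
        _frame(True, c + 1, s + 1, ACK),
        _frame(True, c + 1, s + 1, PSH | ACK, HTTP_REQUEST),
        _frame(False, s + 1, c + 1 + req, PSH | ACK, HTTP_RESPONSE),
        _frame(True, c + 1 + req, s + 1 + rsp, FIN | ACK),
        _frame(False, s + 1 + rsp, c + 2 + req, FIN | ACK),
        _frame(True, c + 2 + req, s + 2 + rsp, ACK),
    ]

def pcap_bytes(frames, ts: int = 1582649639) -> bytes:
    """Classic libpcap file, little-endian, linktype 1 (Ethernet), frames 1 ms apart.
    The fixed default timestamp keeps the output reproducible."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, i * 1000, len(frame), len(frame)) + frame
    return out

def write_test_files(prefix="http443"):
    """Write <prefix>.pcap and <prefix>.rules; returns the two paths."""
    frames = build_session()
    assert all(tcp_checksum_ok(f[14:]) for f in frames), "checksum bug in builder"
    with open(prefix + ".pcap", "wb") as fh:
        fh.write(pcap_bytes(frames))
    with open(prefix + ".rules", "w") as fh:
        fh.write(RULES)
    return prefix + ".pcap", prefix + ".rules"

if __name__ == "__main__":
    pcap, rules = write_test_files()
    print("suricata -c /etc/suricata/suricata.yaml -S %s -r %s -l ./suri-test" % (rules, pcap))
```

Run the printed command against the same suricata.yaml the sensor uses and look at fast.log in the log directory. If sid 1000001 fires but 1000002 does not, 443 is missing from HTTP_PORTS; that variable is only expanded in rules that reference `$HTTP_PORTS`, it does not drive protocol detection. If neither fires on this pcap, the problem is in the stream or app-layer configuration rather than the port variable. If both fire offline but the live mirror still produces nothing, the difference is the traffic itself: flows mirrored without their SYN (not tracked with the default `stream.midstream: no`), only one direction mirrored, or checksums that the decrypting firewall did not recompute; stats.log counters for invalid checksums and midstream pickups show which.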