Feature #4123
Task #4122 (open): tracking: handle various TLS decrypt headers in proxies and decryption tools
Research: handle different flow tuples in TLS decrypt
Description
Decrypted TLS traffic with special headers indicating the original tuple (see for example #2513) poses a challenge wrt tuple handling.
Rules looking at IP addresses might not work as expected; ip and port vars may be off.
This could perhaps be handled similar to how encapsulation on the IP level is handled: by tracking both tuples separately.
Updated by Philippe Antoine 6 months ago
- Assignee set to OISF Ticketbot
- Target version set to TBD