[Snort-devel] Snort SSL

Chris Green cmg at ...402...
Fri Oct 4 06:53:03 EDT 2002

"Peter Robinson" <peter at ...1601...> writes:

> Hi there...
> As I a new ot the list I have missed this discussion in the past and could
> not find a definitive answer in the archives
> Is it possible to get snort to decrypt ssl type connections and check them
> against the web* rules ?

Nope. There is no integration with the keying that would be required
to do this type of monitoring. 

> I would be happy to use this type of feature to monitor traffic to a single
> https server if possible.

You can use apache mod_ssl as a proxy server to an unencrypted
webserver and let snort run on the intermediate link.
Chris Green <cmg at ...402...>
A watched process never cores.

More information about the Snort-devel mailing list