[Snort-users] Query about description of SSL option in configure

Brian Caswell bmc at ...312...
Wed May 2 19:40:44 EDT 2001


Jason Haar wrote:
> Minor point, but the "--with-openssl=DIR" option in configure. As far as I'm
> aware, Snort only uses SSL for issues to do with the XML plugin? If that is
> the case, shouldn't that be rewritten as:
> 
> --with-openssl=DIR          for SSL support for the XML output module
> 
> ...until such a time as when Snort natively supports SSL for decrypting
> known SSL traffic (like ssldump) on the fly :-)
> 
> [HTTPS must be the absolute enemy of IDS systems at the moment. Try matching
> signatures when the attacker whacks away at your secure Web server.... :-(]

No, many things might use this.  I started work on SSL support for
postgres queries.  I'm sure that other plugins might use them as well.

-brian




More information about the Snort-users mailing list