[Snort-users] IDS & HTTPS

Jason Costomiris jcostom at ...2019...
Fri Mar 29 09:54:12 EST 2002


On Fri, Mar 29, 2002 at 10:30:59AM -0500, Ryan Johnson wrote:
:     Hi everyone,
:         
:            Do any open source tools exist to terminate an ssl connection 
: and once the traffic has been decrypted, pass it back to a regular 
: webserver? It looks like stunnel might be able to do this. I searched 
: google groups and someone suggested the same idea, but I have never heard 
: of it being implemented. Of course you can probably guess my reasoning 
: for wanting to do this, so I can use an ids to sniff the traffic. I was 
: told this appliance has the ability to do this 
: http://www.f5networks.com/BIGIP5K/

You could probably do that with stunnel, but you're likely to take quite
a hit performance-wise.  What you're describing is how 99.999% of the SSL
acceleration appliances out there operate.

-- 
Jason Costomiris <><           |  Technologist, geek, human.
jcostom {at} jasons {dot} org  |  http://www.jasons.org/ 
          Quidquid latine dictum sit, altum viditur.
                    My account, My opinions.
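
The setup discussed in this thread, sketched as a stunnel configuration. This is an added example, not part of the original post; the service name, account names, file paths and port numbers are assumptions.

```ini
; Constructed example: TLS is terminated by stunnel and the decrypted HTTP
; is handed to an ordinary web server, so an IDS sensor can inspect the
; plaintext leg. All paths, ports and names below are assumptions.

; Drop privileges after binding the listening port
setuid = stunnel
setgid = stunnel
pid = /var/run/stunnel/stunnel.pid

[https-terminate]
; Public side: clients connect here over SSL/TLS
accept = 0.0.0.0:443
cert = /etc/stunnel/site.pem
key = /etc/stunnel/site.key

; Private side: decrypted requests go to the regular web server.
; The IDS sensor has to listen on the interface that carries this leg:
; loopback when stunnel and the web server share a host, or the link
; between them when they are separate machines.
connect = 127.0.0.1:8080

; Caveats for the sensor and the web server:
; - On the plaintext leg every request appears to come from the stunnel
;   host, so source-address-based rules and logs lose the real client IP.
; - Keep the plaintext leg on loopback or an isolated segment; anything
;   that can sniff it sees what the IDS sees.
```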
