HTTPS Support?

(Vincent Biret) #1

Hi everyone,

Do you plan to support HTTPS sniffing, as Wireshark does?



(Tudor Golubenco) #2

No plans at the moment, but we've only defined our own roadmap just for the very near future.


Most key exchange algorithms used in TLS 1.2 are nowadays based on Diffie-Hellman and make it 'impossible' for a sniffer to decode HTTPS traffic. It would need to have access to the master keys for the specific session; the server private key alone is not sufficient.

Hence implementing TLS decoding in Packetbeat is probably a dead-end street. If you have some kind of HTTPS termination point in your infra (e.g. a load balancer or proxy), you could try to capture behind the proxy.
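
An added illustration of the point in the reply above (not part of the original thread and not Packetbeat code): reading the cipher suite from a captured ServerHello shows whether a passive sniffer would need only the server private key or per-session secrets. All function names and the suite table subset are assumptions for this example, and the sample record is constructed.

```python
import struct

# Small subset of IANA TLS cipher suite IDs, enough for the example.
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1301: "TLS_AES_128_GCM_SHA256",  # TLS 1.3, always ephemeral (EC)DHE
}

def negotiated_suite(record: bytes) -> int:
    """Return the cipher suite ID chosen in a TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _ver, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) < rlen or rlen < 4 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello handshake record")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    # server_version(2) + random(32) + session_id_len(1) = 35 bytes
    if len(hello) < hlen or hlen < 35:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]  # skip the variable-length session_id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", hello[off:off + 2])[0]

def passive_decrypt_inputs(suite_id: int) -> str:
    """What a sniffer needs in order to decrypt a session using this suite."""
    name = SUITES.get(suite_id)
    if name is None:
        return "unknown suite"
    if name.startswith("TLS_RSA_WITH_"):
        return "server private key"   # static RSA key transport
    return "per-session secrets"      # (EC)DHE: forward secrecy

def build_server_hello(suite_id: int, session_id: bytes = b"") -> bytes:
    """Constructed sample input: a minimal TLS 1.2 ServerHello record."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!H", suite_id) + b"\x00")
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```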

(Vincent Biret) #4

It was purely for internal use, to analyse services using inter-region communications on AWS which use HTTPS using self-signed TLS certificates, e.g. logstash-forwarder
