HTTPS Support?


(Vincent Biret) #1

Hi everyone,

Do you plan to support HTTPS sniffing, as wireshark does ?

Thanks,

Vincent.


(Tudor Golubenco) #2

No plans at the moment, but we've only defined our own roadmap just for the very near future.


#3

Most key exchange algorithms used in TLS 1.2 are nowadays based on Diffie Hellman and make it 'impossible' to decode HTTPS traffic for a sniffer. It would need to have access to the master keys for the specific session, only the server private key is not sufficient.

Hence implementing TLS decoding in packetbeat is probably a dead end street. If you have some kind of HTTPS termination point in your infra (e.g. a load balancer or proxy) you can could try to capture behind the proxy.


(Vincent Biret) #4

It was purely for internal use, to analyse services using inter-regions communications on AWS which use HTTPS using self signed TLS certificates, ex: logstash-forwarder


(system) #5