Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

selective TLS interception #331

Open
or-adar opened this issue Aug 31, 2023 · 1 comment
Open

selective TLS interception #331

or-adar opened this issue Aug 31, 2023 · 1 comment

Comments

@or-adar
Copy link

or-adar commented Aug 31, 2023

Hi!
I'm looking at using sslsplit to analyze TLS traffic, however there are a few things I'm not sure whether they are supported:

  1. Does sslsplit support selective TLS?
    so tls traffic won't be intercepted for a list of domains that I can pass to it.
    if so, what should I pass or specify to skip tls inspection for the given domains?

  2. Can I offload the decrypted plain text to a different service and make additinal processings before they are being egressed?
    like analyzing the plain text and dropping the request and so on..

  3. If selective TLS inspection is supported, can I configure the list of domains (that I wish to skip inspection for)
    dynamically? if so, can it be done without stopping sslsplit? or there is no other way other than creating a new sslsplit process with the new configuration?
@sonertari
Copy link
Collaborator

See SSLproxy for answers to those questions. But SSLproxy does not support reloading proxyspecs and filtering rules (you should fully stop and restart sslproxy for that).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sonertari @or-adar