[Feature Request] Add Polarproxy. #8245
Comments
no source distribution, no FreeBSD support for starters....
My main requirement is to decrypt SSL traffic for Suricata with my own CA. Can we consider an alternative solution using HAProxy or anything else?
I'm open to architectures that have a chance of reaching a functional state, but realistically it's not very likely to happen. Injecting a forward proxy (squid) with an ICAP engine to offload decrypted traffic (or an unencrypted cache peer) is the closest you might be able to get (with open source tools) to a functional state, but it wouldn't integrate at all with Suricata.... If you need TLS inspection in a user-friendly way, you can always take a look at Zenarmor...
The only open source project I could find that is fully supported by FreeBSD, and has reports of being able to do MITM and decrypted traffic mirroring to Suricata, is this project: https://github.com/droe/sslsplit
Implementing and testing all of this and then keeping the implementation maintained would be a huge effort though. Zenarmor could be the better choice, especially for businesses. As a home user these features are pretty much never needed.
Here's another one, this one supports TLS 1.3
Surprise, surprise! ;)
sslproxy is the successor of sslsplit, but both are buggy (on FreeBSD). I did not try sslproxy recently, but sslsplit was messy.
Can we integrate it into the OPNsense web interface? If not, can we use HAProxy to do SSL termination for IPS?
Is your feature request related to a problem? Please describe.
For the purpose of transforming OPNsense into a fully open source and free NGFW, I am missing a solution that will use my own CA certificate to do SSL deep inspection with Suricata.
Describe the solution you like
Polarproxy seems like a good project that we can use to decrypt SSL encrypted traffic and send decrypted traffic to Suricata.
Describe alternatives you considered
Use HAProxy instead. I don't know how to make it work, but I believe the OPNsense developers can help me with that.