19Nis
Is it possible to see HTTPS traffic without intercepting? (With a copy of the traffic) [duplicate]
I have a WAF solution that can work both inline and out-of-band. And we want to try the OOB option first. And possibly want to see HTTPS traffic as well.
But the vendor says if we want to see the HTTPS traffic, we should implement the solution inline (sits in the middle of the traffic). Otherwise, we need to analyze the decrypted HTTP traffic if we're going to use it in passive mode (i.e. send a decrypted copy of the traffic to the solution). I'm just wondering if that's really the case.
Is it impossible or does it have too many challenges to see HTTPS traffic with an out-of-band implementation?
https://umu.diva-portal.org/smash/get/diva2:1565963/FULLTEXT01.pdf says it's possible but with some specific situations and cipher suites.
