Inspect SSL/TLS on Non-Common Ports

Idea created by Miguel Sanchez on Aug 21, 2018
    Active
    Score 25
    • Isaias Mercado
    • Moises Gomez
    • Esteban Rodriguez
    • Marco Valenti
    • Miguel Sanchez

    As far as we know, IPS signatures that look for SSL/TLS details like the version do so on common SSL/TLS ports like TCP 443. We get that inspecting for SSL/TLS on every port will degrade performance, but it would be nice if the admin had the option to enable SSL/TLS inspection on IPS signatures on non-common ports.

     

    This might be needed in scenarios where a company has to change the default port for services that use SSL/TLS and would like to keep the controls provided by the IPS signatures.
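An added sketch of the port-independent inspection this idea asks for. It is not from the original post or from any vendor's IPS engine. It recognizes a TLS ClientHello from the payload bytes alone and reports the best offered version whatever the destination port. All function names are hypothetical, the sample ClientHello is constructed, and it assumes the whole ClientHello arrives in the first TCP segment.

```python
import struct

NAMES = {0x0300: "SSLv3", 0x0301: "TLS1.0", 0x0302: "TLS1.1",
         0x0303: "TLS1.2", 0x0304: "TLS1.3"}

def offered_versions(payload):
    """Return the version codes a ClientHello offers, or None if not TLS."""
    try:
        ctype, rec_ver, rec_len = struct.unpack_from("!BHH", payload, 0)
        # Record layer: handshake (22), major version 3, sane record length.
        if ctype != 22 or rec_ver >> 8 != 3 or not 0 < rec_len <= 16384:
            return None
        if payload[5] != 1:                      # handshake type 1 = ClientHello
            return None
        offered = [struct.unpack_from("!H", payload, 9)[0]]   # legacy version
        pos = 11 + 32                            # skip the 32-byte random
        pos += 1 + payload[pos]                  # session_id
        pos += 2 + struct.unpack_from("!H", payload, pos)[0]  # cipher_suites
        pos += 1 + payload[pos]                  # compression_methods
        if pos + 2 <= len(payload):              # extensions are optional
            end = pos + 2 + struct.unpack_from("!H", payload, pos)[0]
            pos += 2
            while pos + 4 <= min(end, len(payload)):
                ext_type, ext_len = struct.unpack_from("!HH", payload, pos)
                if ext_type == 43:               # supported_versions (TLS 1.3)
                    n = payload[pos + 4]
                    offered = [struct.unpack_from("!H", payload, pos + 5 + i)[0]
                               for i in range(0, n, 2)]
                pos += 4 + ext_len
        return offered
    except (struct.error, IndexError):           # truncated or malformed input
        return None

def inspect(dst_port, payload, minimum=0x0303):
    """Flag a ClientHello on any port whose best known version is below minimum."""
    versions = offered_versions(payload)
    if versions is None:
        return None                              # not TLS: skip TLS signatures
    best = max((v for v in versions if v in NAMES), default=0)  # ignores GREASE
    return {"port": dst_port, "best": NAMES.get(best, "unknown"), "weak": best < minimum}

def build_client_hello(legacy, supported=()):
    """Constructed sample input: minimal ClientHello with one cipher suite."""
    body = b"".join(struct.pack("!H", v) for v in supported)
    ext = struct.pack("!HHB", 43, len(body) + 1, len(body)) + body if supported else b""
    hello = (struct.pack("!H", legacy) + bytes(32) + b"\x00" + struct.pack("!HH", 2, 0x002F)
             + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs
```

Running the cheap five-byte record-header test first and parsing further only on a match is one way to limit the per-port performance cost the post mentions.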