topic Re: TLS Metadata without decryption in Network Security https://community.cisco.com/t5/network-security/tls-metadata-without-decryption/m-p/5289093#M1120957 <P>Tls 1.2 SNI is not encrypt you capture abd check it&nbsp;</P> <P>Tls 1.3 SNI is encrypt</P> <P>For cert. I dont know why you want to see it ?</P> <P>MHM</P> Thu, 08 May 2025 14:16:38 GMT MHM Cisco World 2025-05-08T14:16:38Z TLS Metadata without decryption https://community.cisco.com/t5/network-security/tls-metadata-without-decryption/m-p/5289089#M1120956 <P>Hello - can FTD/FMC running snort3 collect &gt;TLS1.2 client hello/server cert metadata collection in connection events for example? I do not want to deploy EVE and SSL decrypt is not an option. I just want to capture server cert metadata, SNI etc. Is that possible?</P> Thu, 08 May 2025 14:11:02 GMT https://community.cisco.com/t5/network-security/tls-metadata-without-decryption/m-p/5289089#M1120956 JH8286 2025-05-08T14:11:02Z Re: TLS Metadata without decryption https://community.cisco.com/t5/network-security/tls-metadata-without-decryption/m-p/5289093#M1120957 <P>Tls 1.2 SNI is not encrypt you capture abd check it&nbsp;</P> <P>Tls 1.3 SNI is encrypt</P> <P>For cert. I dont know why you want to see it ?</P> <P>MHM</P> Thu, 08 May 2025 14:16:38 GMT https://community.cisco.com/t5/network-security/tls-metadata-without-decryption/m-p/5289093#M1120957 MHM Cisco World 2025-05-08T14:16:38Z Re: TLS Metadata without decryption https://community.cisco.com/t5/network-security/tls-metadata-without-decryption/m-p/5289098#M1120959 <P>How to capture though? Are they displayed in connection events? Server certificate should have SAN/CN/OU in clear at TLS1.2, but not sure if FTD/FMC captures this by default. It may be a snort3 thing, I only have access to snort2 sensors at the moment</P> Thu, 08 May 2025 14:22:52 GMT https://community.cisco.com/t5/network-security/tls-metadata-without-decryption/m-p/5289098#M1120959 JH8286 2025-05-08T14:22:52Z