
TLS Metadata without decryption

JH8286
Level 1

Hello - can FTD/FMC running snort3 collect >TLS1.2 client hello/server cert metadata in connection events, for example? I do not want to deploy EVE, and SSL decrypt is not an option. I just want to capture server cert metadata, SNI etc. Is that possible?

2 Replies

TLS 1.2 SNI is not encrypted; you can capture and check it.

TLS 1.3 SNI is encrypted.

For the cert, I don't know why you want to see it?

MHM

How to capture though? Are they displayed in connection events? Server certificate should have SAN/CN/OU in clear at TLS1.2, but not sure if FTD/FMC captures this by default. It may be a snort3 thing; I only have access to snort2 sensors at the moment.
