Like it or not, TLS 1.3 is coming and will make network traffic opaque to inspection. This discussion will cover lessons learned from real-world, large-scale experience decrypting PFS-encrypted traffic and the various options available, including SSL fingerprinting, proxies and session-key forwarders installed on critical servers. Attendees will be able to formulate a strategy for retaining visibility into encrypted traffic that works for their organization.