Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/topic/johanna/its-time-to-add-more-tls-extension-types'

Browse source 
* origin/topic/johanna/its-time-to-add-more-tls-extension-types:
  SSL: Add new extension types and ECH test

(cherry picked from commit 3257c0e216)
This commit is contained in:
Johanna Amann 2023-10-31 16:17:33 +00:00 committed by Tim Wojtulewicz
parent 7fbc085c40
commit 2b5ac7ce19
8 changed files with 188 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

20
testing/btest/scripts/base/protocols/ssl/tls13-encrypted-client-hello.test Normal file
View file

@ -0,0 +1,20 @@
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13-ech.pcap %INPUT
# @TEST-EXEC: btest-diff ssl.log
# @TEST-EXEC: btest-diff .stdout
# This is a trace that uses the new encrypted client hello extension to hide (among others)
# the real value of the SNI.
@load base/protocols/ssl
event ssl_extension(c: connection, is_client: bool, code: count, val: string)
{
print is_client, SSL::extensions[code];
}
event ssl_extension_elliptic_curves(c: connection, is_client: bool, curves: index_vec)
{
print "Curves", c$id$orig_h, c$id$resp_h;
for ( i in curves )
print SSL::ec_curves[curves[i]];
}