Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix TLS 1.3 session resumption detection.

Browse source 
Now we detect TLS 1.3 session resumption by looking if both sides have
the PSK extension set, which is much more exact than the previous
approach.
This commit is contained in:
Johanna Amann 2020-12-15 16:28:14 +00:00 committed by Johanna Amann
parent 84315b54c3
commit 3c95c9a956
8 changed files with 256 additions and 197 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/analyzer/protocol/ssl/events.bif
View file

@ -559,7 +559,7 @@ event ssl_plaintext_data%(c: connection, is_orig: bool, record_version: count, c
## length: length of the entire message.
##
## .. zeek:see:: ssl_client_hello ssl_established ssl_extension ssl_server_hello
## ssl_alert ssl_heartbeat
## ssl_alert ssl_heartbeat ssl_probable_encrypted_handshake_message
event ssl_encrypted_data%(c: connection, is_orig: bool, record_version: count, content_type: count, length: count%);
## This event is generated for application data records of TLS 1.3 connections of which