Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 00:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix TLS 1.3 session resumption detection.

Browse source 
Now we detect TLS 1.3 session resumption by looking if both sides have
the PSK extension set, which is much more exact than the previous
approach.
This commit is contained in:
Johanna Amann 2020-12-15 16:28:14 +00:00 committed by Johanna Amann
parent 84315b54c3
commit 3c95c9a956
8 changed files with 256 additions and 197 deletions
Download patch file Download diff file Expand all files Collapse all files

6
testing/btest/scripts/base/protocols/ssl/tls13.test
View file

@ -1,13 +1,19 @@
# @TEST-EXEC: echo "tls13draft16-chrome55.0.2879.0-canary-aborted.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT
# @TEST-EXEC: cat ssl.log > ssl-out.log
# @TEST-EXEC: echo "tls13draft16-chrome55.0.2879.0-canary.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-out.log
# @TEST-EXEC: echo "tls13draft16-ff52.a01-aborted.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-out.log
# @TEST-EXEC: echo "tls13draft16-ff52.a01.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-out.log
# @TEST-EXEC: echo "tls13_psk_succesfull.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/tls13_psk_succesfull.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-out.log
# @TEST-EXEC: echo "hrr.pcap"
# @TEST-EXEC: zeek -b -C -r $TRACES/tls/hrr.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-out.log
# @TEST-EXEC: btest-diff ssl-out.log