Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 05:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/topic/johanna/cert-weak-key'

Browse source 
* origin/topic/johanna/cert-weak-key:
  Include certificate information in SSL::Weak_Key notice
This commit is contained in:
Johanna Amann 2022-05-12 11:03:25 +01:00
commit 5118e7f86b
4 changed files with 11 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/policy/protocols/ssl/weak-keys.zeek
View file

@ -57,7 +57,7 @@ event ssl_established(c: connection) &priority=3
local fuid = c$ssl$cert_chain[0]$fuid;
local cert = c$ssl$cert_chain[0]$x509$certificate;
local hash = c$ssl$cert_chain[0]$sha1;
local hash = c$ssl$cert_chain[0]$x509$fingerprint;
if ( !cert?$key_type || !cert?$key_length )
return;
@ -71,7 +71,9 @@ event ssl_established(c: connection) &priority=3
NOTICE([$note=Weak_Key,
$msg=fmt("Host uses weak certificate with %d bit key", key_length),
$conn=c, $suppress_for=1day,
$identifier=cat(c$id$resp_h, c$id$resp_h, hash, key_length)
$identifier=cat(c$id$resp_h, c$id$resp_h, hash, key_length),
$sub=fmt("Subject: %s", cert$subject),
$file_desc=fmt("Fingerprint: %s", hash)
]);
}