Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Include certificate information in SSL::Weak_Key notice

Browse source
This commit is contained in:
Johanna Amann 2022-05-11 18:56:04 +01:00
parent 0aafc8ae6c
commit 5f04f216bc
2 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/policy/protocols/ssl/weak-keys.zeek
View file

@ -57,7 +57,7 @@ event ssl_established(c: connection) &priority=3
local fuid = c$ssl$cert_chain[0]$fuid;
local cert = c$ssl$cert_chain[0]$x509$certificate;
local hash = c$ssl$cert_chain[0]$sha1;
local hash = c$ssl$cert_chain[0]$x509$fingerprint;
if ( !cert?$key_type || !cert?$key_length )
return;
@ -71,7 +71,9 @@ event ssl_established(c: connection) &priority=3
NOTICE([$note=Weak_Key,
$msg=fmt("Host uses weak certificate with %d bit key", key_length),
$conn=c, $suppress_for=1day,
$identifier=cat(c$id$resp_h, c$id$resp_h, hash, key_length)
$identifier=cat(c$id$resp_h, c$id$resp_h, hash, key_length),
$sub=fmt("Subject: %s", cert$subject),
$file_desc=fmt("Fingerprint: %s", hash)
]);
}