diff --git a/scripts/base/protocols/ssl/consts.zeek b/scripts/base/protocols/ssl/consts.zeek
index ce6314a4ef..cc953df3ab 100644
--- a/scripts/base/protocols/ssl/consts.zeek
+++ b/scripts/base/protocols/ssl/consts.zeek
@@ -549,12 +549,18 @@ export {
 	const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3;
 	const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4;
 	const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5;
-	# draft-ietf-tls-tls13-16
+	# RFC8998
+	const TLS_SM4_GCM_SM3 = 0x00C6;
+	const TLS_SM4_CCM_SM3 = 0x00C7;
+	# RFC8446
 	const TLS_AES_128_GCM_SHA256 = 0x1301;
 	const TLS_AES_256_GCM_SHA384 = 0x1302;
 	const TLS_CHACHA20_POLY1305_SHA256 = 0x1303;
 	const TLS_AES_128_CCM_SHA256 = 0x1304;
 	const TLS_AES_128_CCM_8_SHA256 = 0x1305;
+	# draft-irtf-cfrg-aegis-aead-00
+	const TLS_AEGIS_256_SHA384 = 0x1306;
+	const TLS_AEGIS_128L_SHA256 = 0x1307;
 	# Google...
 	const TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x16b7;
 	const TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x16b8;
@@ -741,6 +747,23 @@ export {
 	const TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD;
 	const TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE;
 	const TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF;
+	# RFC8492]
+	const TLS_ECCPWD_WITH_AES_128_GCM_SHA256 = 0xC0B0;
+	const TLS_ECCPWD_WITH_AES_256_GCM_SHA384 = 0xC0B1;
+	const TLS_ECCPWD_WITH_AES_128_CCM_SHA256 = 0xC0B2;
+	const TLS_ECCPWD_WITH_AES_256_CCM_SHA384 = 0xC0B3;
+	# RFC RFC9150
+	const TLS_SHA256_SHA256 = 0xC0B4;
+	const TLS_SHA384_SHA384 = 0xC0B5;
+	# RFC9189
+	const TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC = 0xC100;
+	const TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC = 0xC101;
+	const TLS_GOSTR341112_256_WITH_28147_CNT_IMIT = 0xC102;
+	# RFC9367
+	const TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L = 0xC103;
+	const TLS_GOSTR341112_256_WITH_MAGMA_MGM_L = 0xC104;
+	const TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S = 0xC105;
+	const TLS_GOSTR341112_256_WITH_MAGMA_MGM_S = 0xC106;
 	# draft-agl-tls-chacha20poly1305-02
 	const TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC13;
 	const TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC14;
@@ -753,11 +776,13 @@ export {
 	const TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAC;
 	const TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAD;
 	const TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAE;
-	# draft-ietf-tls-ecdhe-psk-aead-05
+	# draft-ietf-tls-ecdhe-psk-aead-05 - didn't make it into RFC8442 like this
+	const TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256_OLD = 0xD004;
+	# RFC8442
 	const TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0xD001;
 	const TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 = 0xD002;
 	const TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 = 0xD003;
-	const TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 = 0xD004;
+	const TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 = 0xD005;
 
 	const SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE;
 	const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF;
@@ -773,17 +798,16 @@ export {
 	## detecting unknown ciphers and for converting the cipher spec
 	## constants into a human readable format.
 	const cipher_desc: table[count] of string = {
-		[SSLv20_CK_RC4_128_EXPORT40_WITH_MD5] =
-			"SSLv20_CK_RC4_128_EXPORT40_WITH_MD5",
+		# SSLv2
 		[SSLv20_CK_RC4_128_WITH_MD5] = "SSLv20_CK_RC4_128_WITH_MD5",
+		[SSLv20_CK_RC4_128_EXPORT40_WITH_MD5] = "SSLv20_CK_RC4_128_EXPORT40_WITH_MD5",
 		[SSLv20_CK_RC2_128_CBC_WITH_MD5] = "SSLv20_CK_RC2_128_CBC_WITH_MD5",
-		[SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5] =
-			"SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
+		[SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5] = "SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
 		[SSLv20_CK_IDEA_128_CBC_WITH_MD5] = "SSLv20_CK_IDEA_128_CBC_WITH_MD5",
-		[SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5] =
-			"SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5",
 		[SSLv20_CK_DES_64_CBC_WITH_MD5] = "SSLv20_CK_DES_64_CBC_WITH_MD5",
+		[SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5] = "SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5",
 
+		# TLS
 		[TLS_NULL_WITH_NULL_NULL] = "TLS_NULL_WITH_NULL_NULL",
 		[TLS_RSA_WITH_NULL_MD5] = "TLS_RSA_WITH_NULL_MD5",
 		[TLS_RSA_WITH_NULL_SHA] = "TLS_RSA_WITH_NULL_SHA",
@@ -866,6 +890,7 @@ export {
 		[TLS_DHE_RSA_WITH_AES_256_CBC_SHA256] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
 		[TLS_DH_ANON_WITH_AES_128_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_128_CBC_SHA256",
 		[TLS_DH_ANON_WITH_AES_256_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_256_CBC_SHA256",
+		# draft-ietf-tls-openpgp-keys-06
 		[TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD] = "TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD",
 		[TLS_DHE_DSS_WITH_AES_128_CBC_RMD] = "TLS_DHE_DSS_WITH_AES_128_CBC_RMD",
 		[TLS_DHE_DSS_WITH_AES_256_CBC_RMD] = "TLS_DHE_DSS_WITH_AES_256_CBC_RMD",
@@ -875,6 +900,7 @@ export {
 		[TLS_RSA_WITH_3DES_EDE_CBC_RMD] = "TLS_RSA_WITH_3DES_EDE_CBC_RMD",
 		[TLS_RSA_WITH_AES_128_CBC_RMD] = "TLS_RSA_WITH_AES_128_CBC_RMD",
 		[TLS_RSA_WITH_AES_256_CBC_RMD] = "TLS_RSA_WITH_AES_256_CBC_RMD",
+		# draft-chudov-cryptopro-cptls-04
 		[TLS_GOSTR341094_WITH_28147_CNT_IMIT] = "TLS_GOSTR341094_WITH_28147_CNT_IMIT",
 		[TLS_GOSTR341001_WITH_28147_CNT_IMIT] = "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
 		[TLS_GOSTR341094_WITH_NULL_GOSTR3411] = "TLS_GOSTR341094_WITH_NULL_GOSTR3411",
@@ -945,16 +971,26 @@ export {
 		[TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
 		[TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
 		[TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256",
+		# RFC8998
+		[TLS_SM4_GCM_SM3] = "TLS_SM4_GCM_SM3",
+		[TLS_SM4_CCM_SM3] = "TLS_SM4_CCM_SM3",
+		# RFC8446
 		[TLS_AES_128_GCM_SHA256] = "TLS_AES_128_GCM_SHA256",
 		[TLS_AES_256_GCM_SHA384] = "TLS_AES_256_GCM_SHA384",
 		[TLS_CHACHA20_POLY1305_SHA256] = "TLS_CHACHA20_POLY1305_SHA256",
 		[TLS_AES_128_CCM_SHA256] = "TLS_AES_128_CCM_SHA256",
 		[TLS_AES_128_CCM_8_SHA256] = "TLS_AES_128_CCM_8_SHA256",
+		# draft-irtf-cfrg-aegis-aead-00
+		[TLS_AEGIS_256_SHA384] = "TLS_AEGIS_256_SHA384",
+		[TLS_AEGIS_128L_SHA256] = "TLS_AEGIS_128L_SHA256",
+		# Google...
 		[TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256] = "TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256",
 		[TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256] = "TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
 		[TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384] = "TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384",
 		[TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384] = "TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384",
+		# draft-bmoeller-tls-downgrade-scsv-01
 		[TLS_FALLBACK_SCSV] = "TLS_FALLBACK_SCSV",
+		# RFC 4492
 		[TLS_ECDH_ECDSA_WITH_NULL_SHA] = "TLS_ECDH_ECDSA_WITH_NULL_SHA",
 		[TLS_ECDH_ECDSA_WITH_RC4_128_SHA] = "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
 		[TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
@@ -1014,6 +1050,7 @@ export {
 		[TLS_ECDHE_PSK_WITH_NULL_SHA] = "TLS_ECDHE_PSK_WITH_NULL_SHA",
 		[TLS_ECDHE_PSK_WITH_NULL_SHA256] = "TLS_ECDHE_PSK_WITH_NULL_SHA256",
 		[TLS_ECDHE_PSK_WITH_NULL_SHA384] = "TLS_ECDHE_PSK_WITH_NULL_SHA384",
+		# RFC 6209
 		[TLS_RSA_WITH_ARIA_128_CBC_SHA256] = "TLS_RSA_WITH_ARIA_128_CBC_SHA256",
 		[TLS_RSA_WITH_ARIA_256_CBC_SHA384] = "TLS_RSA_WITH_ARIA_256_CBC_SHA384",
 		[TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256] = "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256",
@@ -1068,6 +1105,7 @@ export {
 		[TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384] = "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384",
 		[TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256] = "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256",
 		[TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384] = "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384",
+		# RFC 6367
 		[TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
 		[TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384] = "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
 		[TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256",
@@ -1110,6 +1148,7 @@ export {
 		[TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384] = "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384",
 		[TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256",
 		[TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384] = "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384",
+		# RFC 6655
 		[TLS_RSA_WITH_AES_128_CCM] = "TLS_RSA_WITH_AES_128_CCM",
 		[TLS_RSA_WITH_AES_256_CCM] = "TLS_RSA_WITH_AES_256_CCM",
 		[TLS_DHE_RSA_WITH_AES_128_CCM] = "TLS_DHE_RSA_WITH_AES_128_CCM",
@@ -1130,9 +1169,28 @@ export {
 		[TLS_ECDHE_ECDSA_WITH_AES_256_CCM] = "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
 		[TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8] = "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
 		[TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8] = "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
+		# RFC8492]
+		[TLS_ECCPWD_WITH_AES_128_GCM_SHA256] = "TLS_ECCPWD_WITH_AES_128_GCM_SHA256",
+		[TLS_ECCPWD_WITH_AES_256_GCM_SHA384] = "TLS_ECCPWD_WITH_AES_256_GCM_SHA384",
+		[TLS_ECCPWD_WITH_AES_128_CCM_SHA256] = "TLS_ECCPWD_WITH_AES_128_CCM_SHA256",
+		[TLS_ECCPWD_WITH_AES_256_CCM_SHA384] = "TLS_ECCPWD_WITH_AES_256_CCM_SHA384",
+		# RFC RFC9150
+		[TLS_SHA256_SHA256] = "TLS_SHA256_SHA256",
+		[TLS_SHA384_SHA384] = "TLS_SHA384_SHA384",
+		# RFC9189
+		[TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC] = "TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC",
+		[TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC] = "TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC",
+		[TLS_GOSTR341112_256_WITH_28147_CNT_IMIT] = "TLS_GOSTR341112_256_WITH_28147_CNT_IMIT",
+		# RFC9367
+		[TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L] = "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L",
+		[TLS_GOSTR341112_256_WITH_MAGMA_MGM_L] = "TLS_GOSTR341112_256_WITH_MAGMA_MGM_L",
+		[TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S] = "TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S",
+		[TLS_GOSTR341112_256_WITH_MAGMA_MGM_S] = "TLS_GOSTR341112_256_WITH_MAGMA_MGM_S",
+		# draft-agl-tls-chacha20poly1305-02
 		[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD] = "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD",
 		[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD] = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD",
 		[TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD] = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD",
+		# RFC 7905
 		[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256] = "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 		[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256] = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
 		[TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256] = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
@@ -1140,10 +1198,14 @@ export {
 		[TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256] = "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
 		[TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256] = "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
 		[TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256] = "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256",
+		# draft-ietf-tls-ecdhe-psk-aead-05 - didn't make it into RFC8442 like this
+		[TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256_OLD] = "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256_OLD",
+		# RFC8442
 		[TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256] = "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256",
 		[TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384] = "TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384",
 		[TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256] = "TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256",
 		[TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256] = "TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256",
+
 		[SSL_RSA_FIPS_WITH_DES_CBC_SHA] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA",
 		[SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
 		[SSL_RSA_FIPS_WITH_DES_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA_2",
diff --git a/src/analyzer/protocol/ssl/ssl-defs.pac b/src/analyzer/protocol/ssl/ssl-defs.pac
index 1fc37697e3..6bea4c41cf 100644
--- a/src/analyzer/protocol/ssl/ssl-defs.pac
+++ b/src/analyzer/protocol/ssl/ssl-defs.pac
@@ -201,6 +201,8 @@ enum TLSCiphers {
 	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
 	TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A,
 	TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B,
+	SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C,
+	SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D,
 	TLS_KRB5_WITH_DES_CBC_SHA = 0x001E,
 	TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F,
 	TLS_KRB5_WITH_RC4_128_SHA = 0x0020,
@@ -334,6 +336,23 @@ enum TLSCiphers {
 	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3,
 	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4,
 	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5,
+	# RFC8998
+	TLS_SM4_GCM_SM3 = 0x00C6,
+	TLS_SM4_CCM_SM3 = 0x00C7,
+	# RFC8446
+	TLS_AES_128_GCM_SHA256 = 0x1301,
+	TLS_AES_256_GCM_SHA384 = 0x1302,
+	TLS_CHACHA20_POLY1305_SHA256 = 0x1303,
+	TLS_AES_128_CCM_SHA256 = 0x1304,
+	TLS_AES_128_CCM_8_SHA256 = 0x1305,
+	# draft-irtf-cfrg-aegis-aead-00
+	TLS_AEGIS_256_SHA384 = 0x1306,
+	TLS_AEGIS_128L_SHA256 = 0x1307,
+	# Google...
+	TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0x16b7,
+	TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0x16b8,
+	TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384 = 0x16b9,
+	TLS_CECPQ1_ECDSA_WITH_AES_256_GCM_SHA384 = 0x16ba,
 	# draft-bmoeller-tls-downgrade-scsv-01
 	TLS_FALLBACK_SCSV = 0x5600,
 	# RFC 4492
@@ -515,8 +534,50 @@ enum TLSCiphers {
 	TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD,
 	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE,
 	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF,
+	# RFC8492]
+	TLS_ECCPWD_WITH_AES_128_GCM_SHA256 = 0xC0B0,
+	TLS_ECCPWD_WITH_AES_256_GCM_SHA384 = 0xC0B1,
+	TLS_ECCPWD_WITH_AES_128_CCM_SHA256 = 0xC0B2,
+	TLS_ECCPWD_WITH_AES_256_CCM_SHA384 = 0xC0B3,
+	# RFC RFC9150
+	TLS_SHA256_SHA256 = 0xC0B4,
+	TLS_SHA384_SHA384 = 0xC0B5,
+	# RFC9189
+	TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC = 0xC100,
+	TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC = 0xC101,
+	TLS_GOSTR341112_256_WITH_28147_CNT_IMIT = 0xC102,
+	# RFC9367
+	TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_L = 0xC103,
+	TLS_GOSTR341112_256_WITH_MAGMA_MGM_L = 0xC104,
+	TLS_GOSTR341112_256_WITH_KUZNYECHIK_MGM_S = 0xC105,
+	TLS_GOSTR341112_256_WITH_MAGMA_MGM_S = 0xC106,
 	# draft-agl-tls-chacha20poly1305-02
-	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC13,
-	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC14,
-	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC15
+	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC13,
+	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC14,
+	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC15,
+	# RFC 7905
+	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8,
+	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9,
+	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAA,
+	TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAB,
+	TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAC,
+	TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAD,
+	TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAE,
+	# draft-ietf-tls-ecdhe-psk-aead-05 - didn't make it into RFC8442 like this
+	TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256_OLD = 0xD004,
+	# RFC8442
+	TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0xD001,
+	TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 = 0xD002,
+	TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 = 0xD003,
+	TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 = 0xD005,
+
+	SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE,
+	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF,
+	SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1,
+	SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0,
+	SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80,
+	SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81,
+	SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82,
+	SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83,
+	TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
 };
diff --git a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
index 014afa7490..86fa538006 100644
--- a/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
+++ b/src/analyzer/protocol/ssl/tls-handshake-protocol.pac
@@ -244,8 +244,14 @@ type ServerKeyExchange(rec: HandshakeRecord) = case $context.connection.chosen_c
 	TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
 	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
 	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD,
+	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD,
 	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+	TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
+	TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384,
+	TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256,
+	TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256
 		-> ecdhe_server_key_exchange : EcdheServerKeyExchange(rec);
 
 	# ECDH-anon suites
@@ -333,7 +339,9 @@ type ServerKeyExchange(rec: HandshakeRecord) = case $context.connection.chosen_c
 	TLS_DHE_PSK_WITH_AES_256_CCM,
 	TLS_PSK_DHE_WITH_AES_128_CCM_8,
 	TLS_PSK_DHE_WITH_AES_256_CCM_8,
-	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD,
+	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+	TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
 		-> dhe_server_key_exchange : DheServerKeyExchange(rec);
 
 	# DH-anon suites
diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/ssl.log b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/ssl.log
index 9157aa9d0c..1caedd8593 100644
--- a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/ssl.log
+++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-2/ssl.log
@@ -7,12 +7,12 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	ssl_history	cert_chain_fps	client_cert_chain_fps	sni_matches_cert	validation_status
 #types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	string	vector[string]	vector[string]	bool	string
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	167.71.55.249	37680	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	167.71.55.249	37682	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	167.71.55.249	37684	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	CtPZjS20MLrsMUOJi2	167.71.55.249	37686	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	CUM0KZ3MLUfNB0cl11	167.71.55.249	37688	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
-XXXXXXXXXX.XXXXXX	CmES5u32sYpV7JYN	167.71.55.249	37690	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
-XXXXXXXXXX.XXXXXX	CP5puj4I8PtEU4qzYg	167.71.55.249	37692	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
-XXXXXXXXXX.XXXXXX	C37jN32gN3y3AZzyf6	167.71.55.249	37694	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	167.71.55.249	37680	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	167.71.55.249	37682	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	167.71.55.249	37684	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	CtPZjS20MLrsMUOJi2	167.71.55.249	37686	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	CUM0KZ3MLUfNB0cl11	167.71.55.249	37688	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	CmES5u32sYpV7JYN	167.71.55.249	37690	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	CP5puj4I8PtEU4qzYg	167.71.55.249	37692	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	C37jN32gN3y3AZzyf6	167.71.55.249	37694	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/ssl.log b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/ssl.log
index 9157aa9d0c..1caedd8593 100644
--- a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/ssl.log
+++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs-3/ssl.log
@@ -7,12 +7,12 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	ssl_history	cert_chain_fps	client_cert_chain_fps	sni_matches_cert	validation_status
 #types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	string	vector[string]	vector[string]	bool	string
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	167.71.55.249	37680	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	167.71.55.249	37682	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	167.71.55.249	37684	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	CtPZjS20MLrsMUOJi2	167.71.55.249	37686	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	CUM0KZ3MLUfNB0cl11	167.71.55.249	37688	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
-XXXXXXXXXX.XXXXXX	CmES5u32sYpV7JYN	167.71.55.249	37690	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
-XXXXXXXXXX.XXXXXX	CP5puj4I8PtEU4qzYg	167.71.55.249	37692	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
-XXXXXXXXXX.XXXXXX	C37jN32gN3y3AZzyf6	167.71.55.249	37694	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	167.71.55.249	37680	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	167.71.55.249	37682	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	167.71.55.249	37684	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	CtPZjS20MLrsMUOJi2	167.71.55.249	37686	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	CUM0KZ3MLUfNB0cl11	167.71.55.249	37688	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	CmES5u32sYpV7JYN	167.71.55.249	37690	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	CP5puj4I8PtEU4qzYg	167.71.55.249	37692	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	C37jN32gN3y3AZzyf6	167.71.55.249	37694	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
 #close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/ssl.log b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/ssl.log
index 9157aa9d0c..1caedd8593 100644
--- a/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/ssl.log
+++ b/testing/btest/Baseline/scripts.base.files.x509.disable-certificate-events-known-certs/ssl.log
@@ -7,12 +7,12 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	ssl_history	cert_chain_fps	client_cert_chain_fps	sni_matches_cert	validation_status
 #types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	string	vector[string]	vector[string]	bool	string
-XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	167.71.55.249	37680	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	167.71.55.249	37682	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	167.71.55.249	37684	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	CtPZjS20MLrsMUOJi2	167.71.55.249	37686	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	-	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
-XXXXXXXXXX.XXXXXX	CUM0KZ3MLUfNB0cl11	167.71.55.249	37688	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
-XXXXXXXXXX.XXXXXX	CmES5u32sYpV7JYN	167.71.55.249	37690	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
-XXXXXXXXXX.XXXXXX	CP5puj4I8PtEU4qzYg	167.71.55.249	37692	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
-XXXXXXXXXX.XXXXXX	C37jN32gN3y3AZzyf6	167.71.55.249	37694	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	-	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	167.71.55.249	37680	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	167.71.55.249	37682	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	167.71.55.249	37684	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	CtPZjS20MLrsMUOJi2	167.71.55.249	37686	142.250.179.196	443	TLSv12	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	x25519	-	F	-	-	T	CsxknGIti	7c4cb8ef8d84a20171b3ee521b2be4d973b5fcf9cfbd1786e5581c7fed14da47,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	-	ok
+XXXXXXXXXX.XXXXXX	CUM0KZ3MLUfNB0cl11	167.71.55.249	37688	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	CmES5u32sYpV7JYN	167.71.55.249	37690	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	CP5puj4I8PtEU4qzYg	167.71.55.249	37692	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
+XXXXXXXXXX.XXXXXX	C37jN32gN3y3AZzyf6	167.71.55.249	37694	142.250.179.196	443	TLSv12	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256	x25519	www.google.com	F	-	-	T	CsxknGIti	c4d4c1fde956a63916e6886df676570da046396d31ee1f8aad5d59c8865d274d,23ecb03eec17338c4e33a6b48a41dc3cda12281bbc3ff813c0589d6cc2387522,3ee0278df71fa3c125c4cd487f01d774694e6fc57e0cd94c24efd769133918e5	(empty)	T	ok
 #close XXXX-XX-XX-XX-XX-XX