Merge remote-tracking branch 'origin/topic/johanna/tls-more-data'

* origin/topic/johanna/tls-more-data: Update NEWS for ssl changes. SSL: test updates for record_layer version Final touches to SSL events with record layer version. Introduce ssl_plaintext_data event. Add record layer version to event ssl_encrypted_data. Add compression methods to ssl_client_hello event.
2025-10-02 06:38:20 +00:00 · 2018-08-30 09:28:41 -05:00 · 2018-08-30 09:28:41 -05:00 · 7e6fc58ab4
commit 7e6fc58ab4
parent 12aa37f242 3c7c60cf64
36 changed files with 333 additions and 132 deletions
--- a/16
+++ b/16
@ -223,6 +223,22 @@ New Functionality
  Since ssl_ecdh_server_params contains more information than the old
  ssl_server_curve event, ssl_server_curve is now marked as deprecated.

+- The ssl_application_data event was retired and replaced with ssl_plaintext_data.
+
+- Some SSL events were changed and now provide additional data. These events
+  are:
+
+  ssl_client_hello, ssl_server_hello, ssl_encrypted_data
+
+  If you use these events, you can make your scripts work on old and new versions
+  of Bro by wrapping the event definition in an @if, for example:
+
+    @if ( Version::at_least("2.6") || ( Version::number == 20500 && Version::info$commit >= 944 ) )
+    event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
+    @else
+    event ssl_client_hello(c: connection, version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec)
+    @endif
+
 - Functions for retrieving files by their ID have been added:
  Files::file_exists, Files::lookup_File