Merge remote-tracking branch 'origin/topic/bernhard/ec-curve'

BIT-1189 #merged

* origin/topic/bernhard/ec-curve:
  fix broxygen errors
  Polish changes for ecdhe/dhe
  Add DH support to SSL analyzer.
  Add a few more ciphers Bro did not know at all so far.
  Forgot a few ciphers in the EC list...
  Log chosen curve when using ec cipher suite in TLS.

scripts/base/protocols/ssl/consts.bro

@@ -487,6 +487,10 @@ export {
 	const TLS_PSK_WITH_AES_256_CCM_8 = 0xC0A9;
 	const TLS_PSK_DHE_WITH_AES_128_CCM_8 = 0xC0AA;
 	const TLS_PSK_DHE_WITH_AES_256_CCM_8 = 0xC0AB;
+	const TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC;
+	const TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD;
+	const TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE;
+	const TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF;
 	# draft-agl-tls-chacha20poly1305-02
 	const TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC13;
 	const TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC14;
@@ -850,6 +854,10 @@ export {
 		[TLS_PSK_WITH_AES_256_CCM_8] = "TLS_PSK_WITH_AES_256_CCM_8",
 		[TLS_PSK_DHE_WITH_AES_128_CCM_8] = "TLS_PSK_DHE_WITH_AES_128_CCM_8",
 		[TLS_PSK_DHE_WITH_AES_256_CCM_8] = "TLS_PSK_DHE_WITH_AES_256_CCM_8",
+		[TLS_ECDHE_ECDSA_WITH_AES_128_CCM] = "TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
+		[TLS_ECDHE_ECDSA_WITH_AES_256_CCM] = "TLS_ECDHE_ECDSA_WITH_AES_256_CCM",
+		[TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8] = "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
+		[TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8] = "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",
 		[TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256] = "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 		[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256] = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
 		[TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256] = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",

scripts/base/protocols/ssl/main.bro

@@ -19,6 +19,8 @@ export {
 		version:          string           &log &optional;
 		## SSL/TLS cipher suite that the server chose.
 		cipher:           string           &log &optional;
+		## Elliptic curve the server chose when using ECDH/ECDHE.
+		curve:            string           &log &optional;
 		## Value of the Server Name Indicator SSL/TLS extension.  It
 		## indicates the server name that the client was requesting.
 		server_name:      string           &log &optional;
@@ -159,6 +161,13 @@ event ssl_server_hello(c: connection, version: count, possible_ts: time, server_
 	c$ssl$cipher = cipher_desc[cipher];
 	}
 
+event ssl_server_curve(c: connection, curve: count) &priority=5
+	{
+	set_session(c);
+
+	c$ssl$curve = ec_curves[curve];
+	}
+
 event ssl_extension_server_name(c: connection, is_orig: bool, names: string_vec) &priority=5
 	{
 	set_session(c);

scripts/policy/protocols/ssl/weak-keys.bro

@@ -0,0 +1,91 @@
+##! Generate notices when SSL/TLS connections use certificates or DH parameters
+##! that have potentially unsafe key lengths.
+
+@load base/protocols/ssl
+@load base/frameworks/notice
+@load base/utils/directions-and-hosts
+
+module SSL;
+
+export {
+	redef enum Notice::Type += {
+		## Indicates that a server is using a potentially unsafe key.
+		Weak_Key,
+	};
+
+	## The category of hosts you would like to be notified about which have
+	## certificates that are going to be expiring soon.  By default, these
+	## notices will be suppressed by the notice framework for 1 day after a particular
+	## certificate has had a notice generated. Choices are: LOCAL_HOSTS, REMOTE_HOSTS,
+	## ALL_HOSTS, NO_HOSTS
+	const notify_weak_keys = LOCAL_HOSTS &redef;
+
+	## The minimal key length in bits that is considered to be safe. Any shorter
+	## (non-EC) key lengths will trigger the notice.
+	const notify_minimal_key_length = 1024 &redef;
+
+	## Warn if the DH key length is smaller than the certificate key length. This is
+	## potentially unsafe because it gives a wrong impression of safety due to the
+	## certificate key length. However, it is very common and cannot be avoided in some
+	## settings (e.g. with old jave clients).
+	const notify_dh_length_shorter_cert_length = T &redef;
+}
+
+# We check key lengths only for DSA or RSA certificates. For others, we do
+# not know what is safe (e.g. EC is safe even with very short key lengths).
+event ssl_established(c: connection) &priority=3
+	{
+	# If there are no certificates or we are not interested in the server, just return.
+	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 ||
+	     ! addr_matches_host(c$id$resp_h, notify_weak_keys) )
+		return;
+
+	local fuid = c$ssl$cert_chain_fuids[0];
+	local cert = c$ssl$cert_chain[0]$x509$certificate;
+
+	if ( !cert?$key_type || !cert?$key_length )
+		return;
+
+	if ( cert$key_type != "dsa" && cert$key_type != "rsa" )
+		return;
+
+	local key_length = cert$key_length;
+
+	if ( key_length < notify_minimal_key_length )
+		NOTICE([$note=Weak_Key,
+			$msg=fmt("Host uses weak certificate with %d bit key", key_length),
+			$conn=c, $suppress_for=1day,
+			$identifier=cat(c$id$orig_h, c$id$orig_p, key_length)
+		]);
+	}
+
+event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string) &priority=3
+	{
+	if ( ! addr_matches_host(c$id$resp_h, notify_weak_keys) )
+		return;
+
+	local key_length = |Ys| * 8; # key length in bits
+ 
+	if ( key_length < notify_minimal_key_length )
+		NOTICE([$note=Weak_Key,
+			$msg=fmt("Host uses weak DH parameters with %d key bits", key_length),
+			$conn=c, $suppress_for=1day,
+			$identifier=cat(c$id$orig_h, c$id$orig_p, key_length)
+		]);
+
+	if ( notify_dh_length_shorter_cert_length &&
+	     c?$ssl && c$ssl?$cert_chain && |c$ssl$cert_chain| > 0 && c$ssl$cert_chain[0]?$x509 &&
+	     c$ssl$cert_chain[0]$x509?$certificate && c$ssl$cert_chain[0]$x509$certificate?$key_type &&
+	     (c$ssl$cert_chain[0]$x509$certificate$key_type == "rsa" ||
+	       c$ssl$cert_chain[0]$x509$certificate$key_type == "dsa" ))
+		{
+		if ( c$ssl$cert_chain[0]$x509$certificate?$key_length &&
+		     c$ssl$cert_chain[0]$x509$certificate$key_length > key_length )
+			NOTICE([$note=Weak_Key,
+				$msg=fmt("DH key length of %d bits is smaller certificate key length of %d bits",
+					 key_length, c$ssl$cert_chain[0]$x509$certificate$key_length),
+				$conn=c, $suppress_for=1day,
+				$identifier=cat(c$id$orig_h, c$id$orig_p)
+			       ]);
+		}
+	}

scripts/test-all-policy.bro

@@ -90,6 +90,7 @@
 @load protocols/ssl/log-hostcerts-only.bro
 #@load protocols/ssl/notary.bro
 @load protocols/ssl/validate-certs.bro
+@load protocols/ssl/weak-keys.bro
 @load tuning/__load__.bro
 @load tuning/defaults/__load__.bro
 @load tuning/defaults/extracted_file_limits.bro

src/analyzer/protocol/ssl/events.bif

@@ -58,7 +58,8 @@ event ssl_client_hello%(c: connection, version: count, possible_ts: time, client
 ##              standardized as part of the SSL/TLS protocol.
 ##
 ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_extension
-##    ssl_session_ticket_handshake x509_certificate
+##    ssl_session_ticket_handshake x509_certificate ssl_server_curve
+##    ssl_dh_server_params
 event ssl_server_hello%(c: connection, version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count%);
 
 ## Generated for SSL/TLS extensions seen in an initial handshake.  SSL/TLS
@@ -97,7 +98,7 @@ event ssl_extension%(c: connection, is_orig: bool, code: count, val: string%);
 ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello
 ##    ssl_session_ticket_handshake ssl_extension
 ##    ssl_extension_ec_point_formats ssl_extension_application_layer_protocol_negotiation
-##    ssl_extension_server_name
+##    ssl_extension_server_name ssl_server_curve
 event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index_vec%);
 
 ## Generated for an SSL/TLS Supported Point Formats extension. This TLS extension
@@ -114,9 +115,39 @@ event ssl_extension_elliptic_curves%(c: connection, is_orig: bool, curves: index
 ## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello
 ##    ssl_session_ticket_handshake ssl_extension
 ##    ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation
-##    ssl_extension_server_name
+##    ssl_extension_server_name ssl_server_curve
 event ssl_extension_ec_point_formats%(c: connection, is_orig: bool, point_formats: index_vec%);
 
+## Generated if a named curve is chosen by the server for an SSL/TLS connection. The
+## curve is sent by the server in the ServerKeyExchange message as defined in
+## :rfc:`4492`, in case an ECDH or ECDHE cipher suite is chosen.
+##
+## c: The connection.
+##
+## point_formats: List of supported point formats.
+##
+## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello
+##    ssl_session_ticket_handshake ssl_extension
+##    ssl_extension_elliptic_curves ssl_extension_application_layer_protocol_negotiation
+##    ssl_extension_server_name
+event ssl_server_curve%(c: connection, curve: count%);
+
+## Generated if a server uses a DH-anon or DHE cipher suite. This event contains
+## the server DH parameters, which are sent in the ServerKeyExchange message as
+## defined in :rfc:`5246`.
+##
+## c: The connection.
+##
+## p: The DH prime modulus.
+##
+## q: The DH generator.
+##
+## Ys: The server's DH public key.
+##
+## .. bro:see:: ssl_alert ssl_client_hello ssl_established ssl_server_hello
+##    ssl_session_ticket_handshake ssl_server_curve
+event ssl_dh_server_params%(c: connection, p: string, q: string, Ys: string%);
+
 ## Generated for an SSL/TLS Application-Layer Protocol Negotiation extension.
 ## This TLS extension is defined in draft-ietf-tls-applayerprotoneg and sent in
 ## the initial handshake. It contains the list of client supported application

src/analyzer/protocol/ssl/ssl-analyzer.pac

@@ -400,6 +400,28 @@ refine connection SSL_Conn += {
 
 		return true;
 		%}
+
+	function proc_ec_server_key_exchange(rec: SSLRecord, curve_type: uint8, curve: uint16) : bool
+		%{
+		if ( curve_type == NAMED_CURVE )
+			BifEvent::generate_ssl_server_curve(bro_analyzer(),
+			  bro_analyzer()->Conn(), curve);
+
+		return true;
+		%}
+
+	function proc_dh_server_key_exchange(rec: SSLRecord, p: bytestring, g: bytestring, Ys: bytestring) : bool
+		%{
+		BifEvent::generate_ssl_dh_server_params(bro_analyzer(),
+			bro_analyzer()->Conn(),
+		  new StringVal(p.length(), (const char*) p.data()),
+		  new StringVal(g.length(), (const char*) g.data()),
+		  new StringVal(Ys.length(), (const char*) Ys.data())
+		  );
+
+		return true;
+		%}
+
 };
 
 refine typeattr Alert += &let {
@@ -488,3 +510,11 @@ refine typeattr ServerNameExt += &let {
 refine typeattr CertificateStatus += &let {
 	proc : bool = $context.connection.proc_certificate_status(rec, status_type, response);
 };
+
+refine typeattr EcServerKeyExchange += &let {
+	proc : bool = $context.connection.proc_ec_server_key_exchange(rec, curve_type, curve);
+};
+
+refine typeattr DhServerKeyExchange += &let {
+	proc : bool = $context.connection.proc_dh_server_key_exchange(rec, dh_p, dh_g, dh_Ys);
+};

src/analyzer/protocol/ssl/ssl-defs.pac

@@ -60,3 +60,359 @@ enum SSLExtensions {
 	EXT_PADDING = 35655,
 	EXT_RENEGOTIATION_INFO = 65281
 };
+
+enum ECCurveType {
+	EXPLICIT_PRIME = 1,
+	EXPLICIT_CHAR = 2,
+	NAMED_CURVE = 3
+};
+
+enum TLSCiphers {
+	NO_CHOSEN_CIPHER = 0xFFFFFF,
+	TLS_NULL_WITH_NULL_NULL = 0x0000,
+	TLS_RSA_WITH_NULL_MD5 = 0x0001,
+	TLS_RSA_WITH_NULL_SHA = 0x0002,
+	TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003,
+	TLS_RSA_WITH_RC4_128_MD5 = 0x0004,
+	TLS_RSA_WITH_RC4_128_SHA = 0x0005,
+	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006,
+	TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007,
+	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008,
+	TLS_RSA_WITH_DES_CBC_SHA = 0x0009,
+	TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A,
+	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B,
+	TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C,
+	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D,
+	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E,
+	TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F,
+	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010,
+	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011,
+	TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012,
+	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013,
+	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014,
+	TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015,
+	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016,
+	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017,
+	TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018,
+	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019,
+	TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A,
+	TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B,
+	TLS_KRB5_WITH_DES_CBC_SHA = 0x001E,
+	TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F,
+	TLS_KRB5_WITH_RC4_128_SHA = 0x0020,
+	TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021,
+	TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022,
+	TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023,
+	TLS_KRB5_WITH_RC4_128_MD5 = 0x0024,
+	TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025,
+	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026,
+	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027,
+	TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028,
+	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029,
+	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A,
+	TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B,
+	TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F,
+	TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030,
+	TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031,
+	TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032,
+	TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033,
+	TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034,
+	TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035,
+	TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036,
+	TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037,
+	TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038,
+	TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039,
+	TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A,
+	TLS_RSA_WITH_NULL_SHA256 = 0x003B,
+	TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C,
+	TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D,
+	TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E,
+	TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F,
+	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040,
+	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041,
+	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042,
+	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045,
+	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046,
+	TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060,
+	TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061,
+	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062,
+	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063,
+	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064,
+	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065,
+	TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066,
+	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067,
+	TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068,
+	TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069,
+	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A,
+	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B,
+	TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C,
+	TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D,
+	# draft-ietf-tls-openpgp-keys-06
+	TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD = 0x0072,
+	TLS_DHE_DSS_WITH_AES_128_CBC_RMD = 0x0073,
+	TLS_DHE_DSS_WITH_AES_256_CBC_RMD = 0x0074,
+	TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD = 0x0077,
+	TLS_DHE_RSA_WITH_AES_128_CBC_RMD = 0x0078,
+	TLS_DHE_RSA_WITH_AES_256_CBC_RMD = 0x0079,
+	TLS_RSA_WITH_3DES_EDE_CBC_RMD = 0x007C,
+	TLS_RSA_WITH_AES_128_CBC_RMD = 0x007D,
+	TLS_RSA_WITH_AES_256_CBC_RMD = 0x007E,
+	# draft-chudov-cryptopro-cptls-04
+	TLS_GOSTR341094_WITH_28147_CNT_IMIT = 0x0080,
+	TLS_GOSTR341001_WITH_28147_CNT_IMIT = 0x0081,
+	TLS_GOSTR341094_WITH_NULL_GOSTR3411 = 0x0082,
+	TLS_GOSTR341001_WITH_NULL_GOSTR3411 = 0x0083,
+	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084,
+	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085,
+	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088,
+	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089,
+	TLS_PSK_WITH_RC4_128_SHA = 0x008A,
+	TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B,
+	TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C,
+	TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D,
+	TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E,
+	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F,
+	TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090,
+	TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091,
+	TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092,
+	TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093,
+	TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094,
+	TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095,
+	TLS_RSA_WITH_SEED_CBC_SHA = 0x0096,
+	TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097,
+	TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098,
+	TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099,
+	TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A,
+	TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B,
+	TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C,
+	TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D,
+	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E,
+	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F,
+	TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0,
+	TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1,
+	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2,
+	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3,
+	TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4,
+	TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5,
+	TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6,
+	TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7,
+	TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8,
+	TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9,
+	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA,
+	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB,
+	TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC,
+	TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD,
+	TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE,
+	TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF,
+	TLS_PSK_WITH_NULL_SHA256 = 0x00B0,
+	TLS_PSK_WITH_NULL_SHA384 = 0x00B1,
+	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2,
+	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3,
+	TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4,
+	TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5,
+	TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6,
+	TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7,
+	TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8,
+	TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9,
+	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA,
+	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB,
+	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE,
+	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF,
+	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0,
+	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1,
+	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4,
+	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5,
+	# draft-bmoeller-tls-downgrade-scsv-01
+	TLS_FALLBACK_SCSV = 0x5600,
+	# RFC 4492
+	TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001,
+	TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002,
+	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003,
+	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004,
+	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005,
+	TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006,
+	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007,
+	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A,
+	TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B,
+	TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C,
+	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D,
+	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E,
+	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F,
+	TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010,
+	TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011,
+	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012,
+	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013,
+	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014,
+	TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015,
+	TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016,
+	TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017,
+	TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018,
+	TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019,
+	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A,
+	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B,
+	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C,
+	TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D,
+	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E,
+	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F,
+	TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020,
+	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021,
+	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024,
+	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025,
+	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026,
+	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027,
+	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028,
+	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029,
+	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A,
+	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B,
+	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C,
+	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D,
+	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E,
+	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F,
+	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030,
+	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031,
+	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032,
+	TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033,
+	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034,
+	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035,
+	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036,
+	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037,
+	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038,
+	TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039,
+	TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A,
+	TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B,
+	# RFC 6209
+	TLS_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC03C,
+	TLS_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC03D,
+	TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC03E,
+	TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC03F,
+	TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC040,
+	TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC041,
+	TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC042,
+	TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC043,
+	TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC044,
+	TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC045,
+	TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256 = 0xC046,
+	TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384 = 0xC047,
+	TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC048,
+	TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC049,
+	TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC04A,
+	TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC04B,
+	TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04C,
+	TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04D,
+	TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04E,
+	TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04F,
+	TLS_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC050,
+	TLS_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC051,
+	TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC052,
+	TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC053,
+	TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC054,
+	TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC055,
+	TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC056,
+	TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC057,
+	TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC058,
+	TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC059,
+	TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256 = 0xC05A,
+	TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384 = 0xC05B,
+	TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05C,
+	TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05D,
+	TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05E,
+	TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05F,
+	TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC060,
+	TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC061,
+	TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC062,
+	TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC063,
+	TLS_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC064,
+	TLS_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC065,
+	TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC066,
+	TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC067,
+	TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC068,
+	TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC069,
+	TLS_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06A,
+	TLS_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06B,
+	TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06C,
+	TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06D,
+	TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06E,
+	TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06F,
+	TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC070,
+	TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC071,
+	# RFC 6367
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC072,
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC073,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC074,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC075,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC076,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC077,
+	TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC078,
+	TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC079,
+	TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07A,
+	TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07B,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07C,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07D,
+	TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07E,
+	TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07F,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081,
+	TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC082,
+	TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC083,
+	TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256 = 0xC084,
+	TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384 = 0xC085,
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086,
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC088,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC089,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08A,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08B,
+	TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08C,
+	TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08D,
+	TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08E,
+	TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08F,
+	TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090,
+	TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091,
+	TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC092,
+	TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC093,
+	TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC094,
+	TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC095,
+	TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC096,
+	TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC097,
+	TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC098,
+	TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC099,
+	TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC09A,
+	TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC09B,
+	# RFC 6655
+	TLS_RSA_WITH_AES_128_CCM = 0xC09C,
+	TLS_RSA_WITH_AES_256_CCM = 0xC09D,
+	TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E,
+	TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F,
+	TLS_RSA_WITH_AES_128_CCM_8 = 0xC0A0,
+	TLS_RSA_WITH_AES_256_CCM_8 = 0xC0A1,
+	TLS_DHE_RSA_WITH_AES_128_CCM_8 = 0xC0A2,
+	TLS_DHE_RSA_WITH_AES_256_CCM_8 = 0xC0A3,
+	TLS_PSK_WITH_AES_128_CCM = 0xC0A4,
+	TLS_PSK_WITH_AES_256_CCM = 0xC0A5,
+	TLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6,
+	TLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7,
+	TLS_PSK_WITH_AES_128_CCM_8 = 0xC0A8,
+	TLS_PSK_WITH_AES_256_CCM_8 = 0xC0A9,
+	TLS_PSK_DHE_WITH_AES_128_CCM_8 = 0xC0AA,
+	TLS_PSK_DHE_WITH_AES_256_CCM_8 = 0xC0AB,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF,
+	# draft-agl-tls-chacha20poly1305-02
+	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC13,
+	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC14,
+	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC15
+};

src/analyzer/protocol/ssl/ssl-protocol.pac

@@ -98,7 +98,7 @@ type ServerName() = record {
 	name_type: uint8; # has to be 0 for host-name
 	name: case name_type of {
 		0 -> host_name: ServerNameHostName;
-		default -> data : bytestring &restofdata; # unknown name
+		default -> data : bytestring &restofdata &transient; # unknown name
 	};
 };
 
@@ -119,7 +119,7 @@ type ServerNameExt(rec: SSLRecord) = record {
 #	status_type: uint8; # 1 -> ocsp
 #	req: case status_type of {
 #		1 -> ocsp_status_request: OcspStatusRequest(rec);
-#		default -> data : bytestring &restofdata; # unknown
+#		default -> data : bytestring &restofdata &transient; # unknown
 #	};
 #};
 
@@ -302,9 +302,11 @@ type ServerHello(rec: SSLRecord) = record {
 	# of the following fields.
 	ext_len: uint16[] &until($element == 0 || $element != 0);
 	extensions : SSLExtension(rec)[] &until($input.length() == 0);
+} &let {
+	cipher_set : bool =
+		$context.connection.set_cipher(cipher_suite[0]);
 };
 
-
 ######################################################################
 # V2 Server Hello (SSLv2 2.6.)
 ######################################################################
@@ -351,9 +353,233 @@ type CertificateStatus(rec: SSLRecord) = record {
 # V3 Server Key Exchange Message (7.4.3.)
 ######################################################################
 
-# For now ignore details; just eat up complete message
-type ServerKeyExchange(rec: SSLRecord) = record {
-	key : bytestring &restofdata &transient;
+# Usually, the server key exchange does not contain any information
+# that we are interested in.
+#
+# The exception is when we are using an ECDHE, DHE or DH-Anon suite.
+# In this case, we can extract information about the chosen cipher from
+# here.
+type ServerKeyExchange(rec: SSLRecord) = case $context.connection.chosen_cipher() of {
+	TLS_ECDH_ECDSA_WITH_NULL_SHA,
+	TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+	TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+	TLS_ECDH_RSA_WITH_NULL_SHA,
+	TLS_ECDH_RSA_WITH_RC4_128_SHA,
+	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
+	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+	TLS_ECDHE_RSA_WITH_NULL_SHA,
+	TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+	TLS_ECDH_ANON_WITH_NULL_SHA,
+	TLS_ECDH_ANON_WITH_RC4_128_SHA,
+	TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDH_ANON_WITH_AES_128_CBC_SHA,
+	TLS_ECDH_ANON_WITH_AES_256_CBC_SHA,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
+	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
+	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
+	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
+	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
+	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+	TLS_ECDHE_PSK_WITH_RC4_128_SHA,
+	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+	TLS_ECDHE_PSK_WITH_NULL_SHA,
+	TLS_ECDHE_PSK_WITH_NULL_SHA256,
+	TLS_ECDHE_PSK_WITH_NULL_SHA384,
+	TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
+	TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
+	TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
+	TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
+	TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
+	TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
+	TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
+	TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
+	TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+	TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+	TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
+	TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
+	TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+	TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+	TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
+	TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
+	TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
+	TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
+	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+		-> ec_server_key_exchange : EcServerKeyExchange(rec);
+
+	# DHE suites
+	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DHE_DSS_WITH_DES_CBC_SHA,
+	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DHE_RSA_WITH_DES_CBC_SHA,
+	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+	TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
+	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+	TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
+	TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+	TLS_DHE_DSS_WITH_RC4_128_SHA,
+	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
+	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
+	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
+	TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD,
+	TLS_DHE_DSS_WITH_AES_128_CBC_RMD,
+	TLS_DHE_DSS_WITH_AES_256_CBC_RMD,
+	TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD,
+	TLS_DHE_RSA_WITH_AES_128_CBC_RMD,
+	TLS_DHE_RSA_WITH_AES_256_CBC_RMD,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+	TLS_DHE_PSK_WITH_RC4_128_SHA,
+	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+	TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
+	TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
+	TLS_DHE_DSS_WITH_SEED_CBC_SHA,
+	TLS_DHE_RSA_WITH_SEED_CBC_SHA,
+	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
+	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
+	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
+	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
+	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
+	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
+	TLS_DHE_PSK_WITH_NULL_SHA256,
+	TLS_DHE_PSK_WITH_NULL_SHA384,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+	TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256,
+	TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384,
+	TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
+	TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
+	TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+	TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+	TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+	TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+	TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
+	TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
+	TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+	TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+	TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
+	TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+	TLS_DHE_RSA_WITH_AES_128_CCM,
+	TLS_DHE_RSA_WITH_AES_256_CCM,
+	TLS_DHE_RSA_WITH_AES_128_CCM_8,
+	TLS_DHE_RSA_WITH_AES_256_CCM_8,
+	TLS_DHE_PSK_WITH_AES_128_CCM,
+	TLS_DHE_PSK_WITH_AES_256_CCM,
+	TLS_PSK_DHE_WITH_AES_128_CCM_8,
+	TLS_PSK_DHE_WITH_AES_256_CCM_8,
+	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+	# DH-anon suites
+	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
+	TLS_DH_ANON_WITH_RC4_128_MD5,
+	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
+	TLS_DH_ANON_WITH_DES_CBC_SHA,
+	TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
+	TLS_DH_ANON_WITH_AES_128_CBC_SHA,
+	TLS_DH_ANON_WITH_AES_256_CBC_SHA,
+	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA,
+	TLS_DH_ANON_WITH_AES_128_CBC_SHA256,
+	TLS_DH_ANON_WITH_AES_256_CBC_SHA256,
+	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA,
+	TLS_DH_ANON_WITH_SEED_CBC_SHA,
+	TLS_DH_ANON_WITH_AES_128_GCM_SHA256,
+	TLS_DH_ANON_WITH_AES_256_GCM_SHA384,
+	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256,
+	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256,
+	TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256,
+	TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384,
+	TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256,
+	TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384,
+	TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256,
+	TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384
+	# DH non-anon suites do not send a ServerKeyExchange
+		-> dh_server_key_exchange : DhServerKeyExchange(rec);
+
+	default
+		-> key : bytestring &restofdata &transient;
+};
+
+# For the moment, we really only are interested in the curve name. If it
+# is not set (if the server sends explicit parameters), we do not bother.
+# We also do not parse the actual signature data following the named curve.
+type EcServerKeyExchange(rec: SSLRecord) = record {
+	curve_type: uint8;
+	curve: uint16; # only if curve_type = 3 (NAMED_CURVE)
+	data: bytestring &restofdata &transient;
+};
+
+# For both, dh_anon and dhe the ServerKeyExchange starts with a ServerDHParams
+# structure. After that, they start to differ, but we do not care about that.
+type DhServerKeyExchange(rec: SSLRecord) = record {
+	dh_p_length: uint16;
+	dh_p: bytestring &length=dh_p_length;
+	dh_g_length: uint16;
+	dh_g: bytestring &length=dh_g_length;
+	dh_Ys_length: uint16;
+	dh_Ys: bytestring &length=dh_Ys_length;
+	data: bytestring &restofdata &transient;
 };
 
 
@@ -501,12 +727,22 @@ refine connection SSL_Conn += {
 		int client_state_;
 		int server_state_;
 		int record_layer_version_;
+		uint32 chosen_cipher_;
 	%}
 
 	%init{
 		server_state_ = STATE_CLEAR;
 		client_state_ = STATE_CLEAR;
 		record_layer_version_ = UNKNOWN_VERSION;
+		chosen_cipher_ = NO_CHOSEN_CIPHER;
+	%}
+
+	function chosen_cipher() : int %{ return chosen_cipher_; %}
+
+	function set_cipher(cipher: uint32) : bool
+		%{
+		chosen_cipher_ = cipher;
+		return true;
 		%}
 
 	function determine_ssl_record_layer(head0 : uint8, head1 : uint8,

testing/btest/Baseline/scripts.base.protocols.ftp.gridftp/ssl.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
-#open	2014-03-13-20-45-24
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
-#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
-1348168976.508038	CXWv6p3arKYeMETxOg	192.168.57.103	60108	192.168.57.101	2811	TLSv10	TLS_RSA_WITH_AES_256_CBC_SHA	-	-	-	T	FBtbj87tgpyeDSj31,F8TfgZ31c1dFu8Kt2k	FVNYOh2BeQBb7MpCPe,FwjBou1e5DbpE0eOgk,FbYQmk4x4M4Bx3PZme	CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid
-1348168976.551422	CjhGID4nQcgTWjvg4c	192.168.57.103	35391	192.168.57.101	55968	TLSv10	TLS_RSA_WITH_NULL_SHA	-	-	-	T	F4SSqN31HDIrrH5Q8h,FJHp5Pf6VLQsRQK3,FHACqa3dX9BXRV2av,FNnDVT1NURRWeoLLN3	FFWYVj4BcvQb35WIaf,Fj16G835fnJgnVlKU6,FGONoc1Nj0Ka5zlxDa	CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid
-#close	2014-03-13-20-45-24
+#open	2014-04-26-16-44-47
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1348168976.508038	CXWv6p3arKYeMETxOg	192.168.57.103	60108	192.168.57.101	2811	TLSv10	TLS_RSA_WITH_AES_256_CBC_SHA	-	-	-	-	T	FBtbj87tgpyeDSj31,F8TfgZ31c1dFu8Kt2k	FVNYOh2BeQBb7MpCPe,FwjBou1e5DbpE0eOgk,FbYQmk4x4M4Bx3PZme	CN=host/alpha,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Globus Simple CA,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid
+1348168976.551422	CjhGID4nQcgTWjvg4c	192.168.57.103	35391	192.168.57.101	55968	TLSv10	TLS_RSA_WITH_NULL_SHA	-	-	-	-	T	F4SSqN31HDIrrH5Q8h,FJHp5Pf6VLQsRQK3,FHACqa3dX9BXRV2av,FNnDVT1NURRWeoLLN3	FFWYVj4BcvQb35WIaf,Fj16G835fnJgnVlKU6,FGONoc1Nj0Ka5zlxDa	CN=932373381,CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=917532944,CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid	CN=Jon Siwek,OU=local,OU=simpleCA-alpha,OU=GlobusTest,O=Grid
+#close	2014-04-26-16-44-47

testing/btest/Baseline/scripts.base.protocols.ssl.basic/ssl.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
-#open	2014-03-13-20-45-46
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
-#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
-1335538392.319381	CXWv6p3arKYeMETxOg	192.168.1.105	62045	74.125.224.79	443	TLSv10	TLS_ECDHE_RSA_WITH_RC4_128_SHA	ssl.gstatic.com	-	-	T	F6wfNWn8LR755SYo7,FJl60T1mOolaez9T0h	(empty)	CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority,O=Google Inc,C=US	-	-
-#close	2014-03-13-20-45-46
+#open	2014-04-26-16-45-01
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1335538392.319381	CXWv6p3arKYeMETxOg	192.168.1.105	62045	74.125.224.79	443	TLSv10	TLS_ECDHE_RSA_WITH_RC4_128_SHA	secp256r1	ssl.gstatic.com	-	-	T	F6wfNWn8LR755SYo7,FJl60T1mOolaez9T0h	(empty)	CN=*.gstatic.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority,O=Google Inc,C=US	-	-
+#close	2014-04-26-16-45-01

testing/btest/Baseline/scripts.base.protocols.ssl.dhe/.stdout

@@ -0,0 +1 @@
+key length in bits, 1024

testing/btest/Baseline/scripts.base.protocols.ssl.dhe/ssl.log

@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2014-04-27-00-52-03
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1398558136.319509	CXWv6p3arKYeMETxOg	192.168.18.50	62277	162.219.2.166	443	TLSv12	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	-	-	-	-	T	F6fLv13PBYz8MNqx68,F8cTDl1penwXxGu4K7	(empty)	emailAddress=denicadmmail@arcor.de,CN=www.lilawelt.net,C=US	CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL	-	-
+#close	2014-04-27-00-52-03

testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/ssl.log

@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2014-04-26-16-39-57
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1398529018.678827	CXWv6p3arKYeMETxOg	192.168.18.50	56981	74.125.239.97	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	secp256r1	-	-	-	T	FDy6ve1m58lwPRfhE9,FnGjwc1EVGk5x0WZk5,F2T07R1XZFCmeWafv2	(empty)	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	-	-
+#close	2014-04-26-16-39-57

testing/btest/Baseline/scripts.base.protocols.ssl.ecdhe/x509.log

@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	x509
+#open	2014-04-26-16-39-57
+#fields	ts	id	certificate.version	certificate.serial	certificate.subject	certificate.issuer	certificate.not_valid_before	certificate.not_valid_after	certificate.key_alg	certificate.sig_alg	certificate.key_type	certificate.key_length	certificate.exponent	certificate.curve	san.dns	san.uri	san.email	san.ip	basic_constraints.ca	basic_constraints.path_len
+#types	time	string	count	string	string	string	time	time	string	string	string	count	string	string	vector[string]	vector[string]	vector[string]	vector[addr]	bool	count
+1398529018.711296	FDy6ve1m58lwPRfhE9	3	1E58FDC12DE4C703	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	1397045108.000000	1404777600.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	*.google.com,*.android.com,*.appengine.google.com,*.cloud.google.com,*.google-analytics.com,*.google.ca,*.google.cl,*.google.co.in,*.google.co.jp,*.google.co.uk,*.google.com.ar,*.google.com.au,*.google.com.br,*.google.com.co,*.google.com.mx,*.google.com.tr,*.google.com.vn,*.google.de,*.google.es,*.google.fr,*.google.hu,*.google.it,*.google.nl,*.google.pl,*.google.pt,*.googleapis.cn,*.googlecommerce.com,*.googlevideo.com,*.gstatic.com,*.gvt1.com,*.urchin.com,*.url.google.com,*.youtube-nocookie.com,*.youtube.com,*.youtubeeducation.com,*.ytimg.com,android.com,g.co,goo.gl,google-analytics.com,google.com,googlecommerce.com,urchin.com,youtu.be,youtube.com,youtubeeducation.com	-	-	-	F	-
+1398529018.711296	FnGjwc1EVGk5x0WZk5	3	023A69	CN=Google Internet Authority G2,O=Google Inc,C=US	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	1365174955.000000	1428160555.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	0
+1398529018.711296	F2T07R1XZFCmeWafv2	3	12BBE6	CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US	OU=Equifax Secure Certificate Authority,O=Equifax,C=US	1021953600.000000	1534824000.000000	rsaEncryption	sha1WithRSAEncryption	rsa	2048	65537	-	-	-	-	-	T	-
+#close	2014-04-26-16-39-57

testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2-handshake-failure/ssl.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
-#open	2014-03-13-20-46-30
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
-#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
-1393957586.786031	CXWv6p3arKYeMETxOg	192.168.4.149	53525	74.125.239.37	443	-	-	-	-	handshake_failure	F	-	-	-	-	-	-
-#close	2014-03-13-20-46-30
+#open	2014-04-26-16-45-16
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1393957586.786031	CXWv6p3arKYeMETxOg	192.168.4.149	53525	74.125.239.37	443	-	-	-	-	-	handshake_failure	F	-	-	-	-	-	-
+#close	2014-04-26-16-45-16

testing/btest/Baseline/scripts.base.protocols.ssl.tls-1.2/ssl.log

@@ -3,8 +3,8 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
-#open	2014-03-13-20-46-09
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
-#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
-1357328848.549370	CXWv6p3arKYeMETxOg	10.0.0.80	56637	68.233.76.12	443	TLSv12	TLS_RSA_WITH_RC4_128_MD5	-	-	-	T	FlnQzb2dJK4p9jXwmd,FaDzX22O4j3kFF6Jqg,F9Tsjm3OdCmGGw43Yh	(empty)	CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US	CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	-	-
-#close	2014-03-13-20-46-09
+#open	2014-04-26-16-45-09
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1357328848.549370	CXWv6p3arKYeMETxOg	10.0.0.80	56637	68.233.76.12	443	TLSv12	TLS_RSA_WITH_RC4_128_MD5	-	-	-	-	T	FlnQzb2dJK4p9jXwmd,FaDzX22O4j3kFF6Jqg,F9Tsjm3OdCmGGw43Yh	(empty)	CN=*.taleo.net,OU=Comodo PremiumSSL Wildcard,OU=Web,O=Taleo Inc.,street=4140 Dublin Boulevard,street=Suite 400,L=Dublin,ST=CA,postalCode=94568,C=US	CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	-	-
+#close	2014-04-26-16-45-09

testing/btest/Baseline/scripts.policy.protocols.ssl.known-certs/ssl.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
-#open	2014-03-13-21-47-24
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
-#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
-1394747126.855035	CXWv6p3arKYeMETxOg	192.168.4.149	60623	74.125.239.129	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	-	-	-	T	FlaIzV19yTmBYwWwc6,F0BeiV3cMsGkNML0P2,F6PfYi2WUoPdIJrhpg	(empty)	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	-	-
-1394747129.505622	CjhGID4nQcgTWjvg4c	192.168.4.149	60624	74.125.239.129	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	-	-	-	T	FOye6a4kt8a7QChqw3,FytlLr3jOQenFAVtYi,FEmnxy4DGbxkmtQJS1	(empty)	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	-	-
-#close	2014-03-13-21-47-24
+#open	2014-04-27-06-48-05
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1394747126.855035	CXWv6p3arKYeMETxOg	192.168.4.149	60623	74.125.239.129	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	secp256r1	-	-	-	T	FlaIzV19yTmBYwWwc6,F0BeiV3cMsGkNML0P2,F6PfYi2WUoPdIJrhpg	(empty)	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	-	-
+1394747129.505622	CjhGID4nQcgTWjvg4c	192.168.4.149	60624	74.125.239.129	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	secp256r1	-	-	-	T	FOye6a4kt8a7QChqw3,FytlLr3jOQenFAVtYi,FEmnxy4DGbxkmtQJS1	(empty)	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	-	-
+#close	2014-04-27-06-48-05

testing/btest/Baseline/scripts.policy.protocols.ssl.validate-certs/ssl.log

@@ -3,9 +3,9 @@
 #empty_field	(empty)
 #unset_field	-
 #path	ssl
-#open	2014-03-13-21-53-03
-#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer	validation_status
-#types	time	string	addr	port	addr	port	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string	string
-1394745602.951961	CXWv6p3arKYeMETxOg	192.168.4.149	60539	87.98.220.10	443	TLSv10	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	-	-	-	T	F1fX1R2cDOzbvg17ye,FqPEQR2eytAQybroyl	(empty)	CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated	CN=COMODO SSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	-	-	certificate has expired
-1394745618.791420	CjhGID4nQcgTWjvg4c	192.168.4.149	60540	122.1.240.204	443	TLSv10	TLS_RSA_WITH_AES_256_CBC_SHA	-	-	-	T	F6NAbK127LhNBaEe5c,FDhmPt28vyXlGMTxP7,F0ROCKibhE1KntJ1h	(empty)	CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP	CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US	-	-	ok
-#close	2014-03-13-21-53-03
+#open	2014-04-26-16-45-32
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	session_id	last_alert	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer	validation_status
+#types	time	string	addr	port	addr	port	string	string	string	string	string	string	bool	vector[string]	vector[string]	string	string	string	string	string
+1394745602.951961	CXWv6p3arKYeMETxOg	192.168.4.149	60539	87.98.220.10	443	TLSv10	TLS_DHE_RSA_WITH_AES_256_CBC_SHA	-	-	-	-	T	F1fX1R2cDOzbvg17ye,FqPEQR2eytAQybroyl	(empty)	CN=www.spidh.org,OU=COMODO SSL,OU=Domain Control Validated	CN=COMODO SSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB	-	-	certificate has expired
+1394745618.791420	CjhGID4nQcgTWjvg4c	192.168.4.149	60540	122.1.240.204	443	TLSv10	TLS_RSA_WITH_AES_256_CBC_SHA	-	-	-	-	T	F6NAbK127LhNBaEe5c,FDhmPt28vyXlGMTxP7,F0ROCKibhE1KntJ1h	(empty)	CN=www.tobu-estate.com,OU=Terms of use at www.verisign.com/rpa (c)05,O=TOBU RAILWAY Co.\,Ltd.,L=Sumida-ku,ST=Tokyo,C=JP	CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US	-	-	ok
+#close	2014-04-26-16-45-32

testing/btest/Baseline/scripts.policy.protocols.ssl.weak-keys/notice.log

@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	notice
+#open	2014-04-27-07-15-32
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	fuid	file_mime_type	file_desc	proto	note	msg	sub	src	dst	p	n	peer_descr	actions	suppress_for	dropped	remote_location.country_code	remote_location.region	remote_location.city	remote_location.latitude	remote_location.longitude
+#types	time	string	addr	port	addr	port	string	string	string	enum	enum	string	string	addr	addr	port	count	string	set[enum]	interval	bool	string	string	string	double	double
+1398558136.430417	CXWv6p3arKYeMETxOg	192.168.18.50	62277	162.219.2.166	443	-	-	-	tcp	SSL::Weak_Key	Host uses weak DH parameters with 1024 key bits	-	192.168.18.50	162.219.2.166	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+1398558136.430417	CXWv6p3arKYeMETxOg	192.168.18.50	62277	162.219.2.166	443	-	-	-	tcp	SSL::Weak_Key	DH key length of 1024 bits is smaller certificate key length of 2048 bits	-	192.168.18.50	162.219.2.166	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+1398558136.542637	CXWv6p3arKYeMETxOg	192.168.18.50	62277	162.219.2.166	443	-	-	-	tcp	SSL::Weak_Key	Host uses weak certificate with 2048 bit key	-	192.168.18.50	162.219.2.166	443	-	bro	Notice::ACTION_LOG	86400.000000	F	-	-	-	-	-
+#close	2014-04-27-07-15-32

testing/btest/scripts/base/protocols/ssl/dhe.test

@@ -0,0 +1,8 @@
+# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+# @TEST-EXEC: btest-diff ssl.log
+
+event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string)
+  {
+  print "key length in bits", |Ys|*8;
+  }

testing/btest/scripts/base/protocols/ssl/ecdhe.test

@@ -0,0 +1,3 @@
+# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff x509.log

testing/btest/scripts/policy/protocols/ssl/weak-keys.bro

@@ -0,0 +1,7 @@
+# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT
+# @TEST-EXEC: btest-diff notice.log
+
+@load protocols/ssl/weak-keys
+
+redef SSL::notify_weak_keys = ALL_HOSTS;
+redef SSL::notify_minimal_key_length = 4096;