Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Make parsing of ServerKeyExchange work for D(TLS) < 1.2.

Browse source 
Now we only parse the SignatureAndHashalgorithm field in cases where it
is present. This change also takes care to respect SCTs, which do
include the SignatureAndHashalgorithm in their digitally-signed struct,
even when used in protocol versions that do not have the
SignatureAndHashalgorithm in the protocols digitally-signed struct.

I also added tests to make sure this does indeed work with TLS 1.1 - it
turns out that so far we did not have a single TLS 1.1 pcap.
This commit is contained in:
Johanna Amann 2017-11-30 12:18:14 -08:00
parent fdf8717588
commit 94f55532f2
18 changed files with 163 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

1
testing/btest/scripts/base/protocols/ssl/basic.test
View file

@ -3,3 +3,4 @@
# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
# @TEST-EXEC: btest-diff ssl.log
# @TEST-EXEC: btest-diff x509.log
# @TEST-EXEC: test ! -f dpd.log