From b956539b46defe486517a5be461c58f6343e90d8 Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Thu, 31 Mar 2022 15:55:25 -0700 Subject: [PATCH] Move new TLS decryption capabilities up to Zeek 5 in NEWS file --- NEWS | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/NEWS b/NEWS index b20efb7a91..feebbd0928 100644 --- a/NEWS +++ b/NEWS @@ -16,6 +16,14 @@ New Functionality ``--event-trace`` / ``-E`` command-line options. For details, see: https://docs.zeek.org/en/master/quickstart.html#tracing-events +- Zeek now features limited TLS decryption capabilities. This feature is experimental + and only works for TLS 1.2 connections that use the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + ciphersuite. Furthermore Zeek requires access to the pre-master secret of each TLS + connection. Typically this functionality will be most useful when analyzing trace-files + where the TLS client recorded the key material. For more details and examples how to + use this functionality, see the TLS Decryption documentation at + https://docs.zeek.org/en/master/frameworks/tls-decryption.html + - The new --with-gen-zam configure flag and its corresponding GEN_ZAM_EXE_PATH cmake variable allow reuse of a previously built Gen-ZAM code generator. This aids cross-compilation: the Zeek build process normally compiles Gen-ZAM on @@ -161,14 +169,6 @@ New Functionality - The GRE analyzer now supports the Aruba WLAN protocol type. -- Zeek now features limited TLS decryption capabilities. This feature is experimental - and only works for TLS 1.2 connections that use the TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - ciphersuite. Furthermore Zeek requires access to the pre-master secret of each TLS - connection. Typically this functionality will be most useful when analyzing trace-files - where the TLS client recorded the key material. For more details and examples how to - use this functionality, see the TLS Decryption documentation at - https://docs.zeek.org/en/master/frameworks/tls-decryption.html - Changed Functionality ---------------------