TLS analyzer: change logic to track TLS 1.3 connection establishment

This commit changes the logic that is used to track connection
establishment - and moves it from scriptland into the core.

TLS 1.3 connection establishment is much more finicky for us than the
establishment of earlier versions - since we cannot rely on the CCS
message anymore (which is meaningless and not sent in a lot of cases).

With this commit, the ssl_encrypted_data message gets raised for
encrypted TLS 1.3 handshake messages - which is much more correct than
the behavior before that just interpreted them as plaintext messages.

I will refine this a bit more - at the moment the connection established
event happens a bit too early - earlier than TLS 1.3 connections
actually can be established.

Part of GH-1323
Johanna Amann 2020-12-14 19:51:05 +00:00 committed by Johanna Amann
parent f5d306a732
commit bea3075c1f
5 changed files with 68 additions and 44 deletions


@ -48,6 +48,11 @@ void SSL_Analyzer::StartEncryption()
interp->setEstablished();
}
uint16_t SSL_Analyzer::GetNegotiatedVersion() const
{
return handshake_interp->chosen_version();
}
void SSL_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
{
analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
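Review bot: GetNegotiatedVersion() forwards handshake_interp->chosen_version() with no comment on what a caller receives before a version has been chosen. The commit message says establishment tracking now depends on telling TLS 1.3 apart from earlier versions, so a caller that reads this accessor too early could take the wrong path. Please document the not-yet-negotiated return value at the declaration, and state whether the result is the version actually selected for the connection or the raw value from the handshake record. Like interp in StartEncryption() just above, handshake_interp is dereferenced without a check; if it can be unset at any point where this accessor is reachable, guard it or note the precondition.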