Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Added new TLS ciphers

Browse source
This commit is contained in:
Seth Hall 2011-01-28 16:18:57 -05:00
parent c7a5bf071d
commit c8076619ce
4 changed files with 69 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
policy/bro.init
View file

@ -905,7 +905,7 @@ global dns_max_queries = 5;
# The maxiumum size in bytes for an SSL cipherspec. If we see a packet that # The maxiumum size in bytes for an SSL cipherspec. If we see a packet that
# has bigger cipherspecs, we warn and won't do a comparisons of cipherspecs. # has bigger cipherspecs, we warn and won't do a comparisons of cipherspecs.
const ssl_max_cipherspec_size = 45 &redef; const ssl_max_cipherspec_size = 68 &redef;
# SSL and X.509 types. # SSL and X.509 types.
type cipher_suites_list: set[count]; type cipher_suites_list: set[count];

5
policy/ssl-ciphers.bro
View file

@ -223,6 +223,11 @@ const SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE;
const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF; const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF;
const SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1; const SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1;
const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0; const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0;
const SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80;
const SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81;
const SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82;
const SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83;
const TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF;
# Cipher specifications native to TLS can be included in Version 2.0 client # Cipher specifications native to TLS can be included in Version 2.0 client

53
src/SSLCiphers.cc
View file

@ -399,6 +399,48 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
// 128, // 128,
// 160 // 160
//}, //},
{ SSL_RSA_WITH_RC2_CBC_MD5,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv20,
SSL_CIPHER_RC2,
SSL_MAC_MD5,
SSL_KEY_EXCHANGE_RSA,
0,
56,
160
},
{ SSL_RSA_WITH_IDEA_CBC_MD5,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv20,
SSL_CIPHER_IDEA,
SSL_MAC_MD5,
SSL_KEY_EXCHANGE_RSA,
0,
128,
160
},
{ SSL_RSA_WITH_DES_CBC_MD5,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv20,
SSL_CIPHER_DES,
SSL_MAC_MD5,
SSL_KEY_EXCHANGE_RSA,
0,
56,
160
},
{ SSL_RSA_WITH_3DES_EDE_CBC_MD5,
SSL_CIPHER_TYPE_BLOCK,
SSL_FLAG_SSLv20,
SSL_CIPHER_3DES,
SSL_MAC_MD5,
SSL_KEY_EXCHANGE_RSA,
0,
168,
160
},
// --- special SSLv3 FIPS ciphers // --- special SSLv3 FIPS ciphers
{ SSL_RSA_FIPS_WITH_DES_CBC_SHA, { SSL_RSA_FIPS_WITH_DES_CBC_SHA,
SSL_CIPHER_TYPE_BLOCK, SSL_CIPHER_TYPE_BLOCK,
@ -1023,6 +1065,17 @@ SSL_CipherSpec SSL_CipherSpecs[] = {
160 160
}, },
{ TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
SSL_CIPHER_TYPE_NULL,
SSL_FLAG_SSLv30 | SSL_FLAG_SSLv31,
SSL_CIPHER_NULL,
SSL_MAC_NULL,
SSL_KEY_EXCHANGE_NULL,
0,
0,
0
},
}; };

11
src/SSLCiphers.h
View file

@ -253,11 +253,20 @@ enum SSL3_1_CipherSpec {
TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039, TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039,
TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A, TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A,
TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B, TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B,
// --- special SSLv3 FIPS ciphers // --- special SSLv3 FIPS ciphers
SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE, SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE,
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF,
SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1, SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1,
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFe0, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0,
// Tags for SSL 2 cipher kinds which are not specified for SSL 3.
SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80,
SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81,
SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82,
SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83,
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF,
}; };
enum SSL_CipherType { enum SSL_CipherType {