Introduce ssl_plaintext_data event.

This event is the replacement for ssl_application_data, which is removed
in the same commit. It is more generic, containing more information than
ssl_application_data and is raised for all SSL/TLS messages that are
exchanged before encryption starts.

It is used by Bro internally to determine when a TLS1.3 session has been
completely established. Apart from that, it can be used to, e.g.,
determine the record layer TLS version.
Johanna Amann 2017-02-03 13:39:34 -08:00
parent c05e07cc90
commit c92bf9bad2
7 changed files with 79 additions and 17 deletions

@ -1,15 +1,24 @@
Handshake, 192.168.1.105, 74.125.224.79, T, 1, 169
Plaintext data, 192.168.1.105, 74.125.224.79, T, TLSv10, 22, 173
Handshake, 192.168.1.105, 74.125.224.79, F, 2, 81
Plaintext data, 192.168.1.105, 74.125.224.79, F, TLSv10, 22, 85
Handshake, 192.168.1.105, 74.125.224.79, F, 11, 1620
Plaintext data, 192.168.1.105, 74.125.224.79, F, TLSv10, 22, 1624
Handshake, 192.168.1.105, 74.125.224.79, F, 12, 199
Plaintext data, 192.168.1.105, 74.125.224.79, F, TLSv10, 22, 203
Handshake, 192.168.1.105, 74.125.224.79, F, 14, 0
Plaintext data, 192.168.1.105, 74.125.224.79, F, TLSv10, 22, 4
Handshake, 192.168.1.105, 74.125.224.79, T, 16, 66
Plaintext data, 192.168.1.105, 74.125.224.79, T, TLSv10, 22, 70
CCS, 192.168.1.105, 74.125.224.79, T
Plaintext data, 192.168.1.105, 74.125.224.79, T, TLSv10, 20, 1
Encrypted data, 192.168.1.105, 74.125.224.79, T, TLSv10, 22, 72
Encrypted data, 192.168.1.105, 74.125.224.79, T, TLSv10, 23, 48
Encrypted data, 192.168.1.105, 74.125.224.79, T, TLSv10, 23, 387
Handshake, 192.168.1.105, 74.125.224.79, F, 4, 170
Plaintext data, 192.168.1.105, 74.125.224.79, F, TLSv10, 22, 174
CCS, 192.168.1.105, 74.125.224.79, F
Plaintext data, 192.168.1.105, 74.125.224.79, F, TLSv10, 20, 1
Established, 192.168.1.105, 74.125.224.79
Encrypted data, 192.168.1.105, 74.125.224.79, F, TLSv10, 22, 36
Encrypted data, 192.168.1.105, 74.125.224.79, F, TLSv10, 23, 40
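
Review bot: the event documentation should state that "before encryption starts" is tracked per direction, because this baseline still reports the server's records as plaintext ("Plaintext data, ..., F, TLSv10, 22, 174" and "..., F, TLSv10, 20, 1") after the client has already sent its CCS and its first "Encrypted data" lines. It would also help to document that the length argument is the record payload length rather than the handshake message length: every "Plaintext data" value here is the preceding "Handshake" length plus 4 (169 and 173, 1620 and 1624, 0 and 4), and that the event fires after the corresponding Handshake or CCS event for the same record. Since the commit message says ssl_application_data is removed in the same commit, a note for script writers on how to migrate existing handlers to ssl_plaintext_data would be worth adding alongside the change.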