Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Introduce ssl_plaintext_data event.

Browse source 
This event is the replacement for ssl_application_data, which is removed
in the same commit. It is more generic, containing more information than
ssl_application_dataand is raised for all SSL/TLS messages that are
exchanged before encryption starts.

It is used by Bro internally to determine when a TLS1.3 session has been
completely established. Apart from that, it can be used to, e.g.,
determine the record layer TLS version.
This commit is contained in:
Johanna Amann 2017-02-03 13:39:34 -08:00
parent c05e07cc90
commit c92bf9bad2
7 changed files with 79 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

5
testing/btest/scripts/base/protocols/ssl/handshake-events.test
View file

@ -22,6 +22,11 @@ event ssl_change_cipher_spec(c: connection, is_orig: bool)
print "CCS", c$id$orig_h, c$id$resp_h, is_orig;
}
event ssl_plaintext_data(c: connection, is_orig: bool, content_type: count, record_version: count, length: count)
{
print "Plaintext data", c$id$orig_h, c$id$resp_h, is_orig, SSL::version_strings[record_version], content_type, length;
}
event ssl_encrypted_data(c: connection, is_orig: bool, content_type: count, record_version: count, length: count)
{
print "Encrypted data", c$id$orig_h, c$id$resp_h, is_orig, SSL::version_strings[record_version], content_type, length;