diff --git a/scripts/policy/protocols/ssl/ssl-log-ext.zeek b/scripts/policy/protocols/ssl/ssl-log-ext.zeek
new file mode 100644
index 0000000000..26932a5cbf
--- /dev/null
+++ b/scripts/policy/protocols/ssl/ssl-log-ext.zeek
@@ -0,0 +1,176 @@
+##! This file adds a lot of additional information to the SSL log
+##! It is not loaded by default since the information significantly expands
+##! the log and is probably not interesting for a majority of people.
+
+@load base/protocols/ssl
+
+redef record SSL::Info += {
+	## Numeric version of the server in the server hello
+	server_version: count &log &optional;
+	## Numeric version of the client in the client hello
+	client_version: count &log &optional;
+	## Ciphers that were offered by the client for the connection
+	client_ciphers: vector of count  &log &optional;
+	## SSL Client extensions
+	ssl_client_exts: vector of count &log &optional;
+	## SSL server extensions
+	ssl_server_exts: vector of count &log &optional;
+	## Suggested ticket lifetime sent in the session ticket handshake
+	## by the server.
+	ticket_lifetime_hint: count &log &optional;
+	## The diffie helman parameter size, when using DH.
+	dh_param_size: count &log &optional;
+	## supported elliptic curve point formats
+	point_formats: vector of count  &log &optional;
+	## The curves supported by the client.
+	client_curves: vector of count  &log &optional;
+	## Application layer protocol negotiation extension sent by the client.
+	orig_alpn: vector of string &log &optional;
+	## TLS 1.3 supported versions
+	client_supported_versions: vector of count &log &optional;
+	## TLS 1.3 supported versions
+	server_supported_version: count &log &optional;
+	## TLS 1.3 Pre-shared key exchange modes
+	psk_key_exchange_modes: vector of count &log &optional;
+	## Key share groups from client hello
+	client_key_share_groups: vector of count &log &optional;
+	## Selected key share group from server hello
+	server_key_share_group: count &log &optional;
+	## Client supported compression methods
+	client_comp_methods: vector of count &log &optional;
+	## Server chosen compression method
+	comp_method: count &optional;
+	## Client supported signature algorithms
+	sigalgs: vector of count &log &optional;
+	## Client supported hash algorithms
+	hashalgs: vector of count &log &optional;
+};
+
+event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
+	{
+	if ( ! c?$ssl )
+		return;
+
+	c$ssl$client_ciphers = ciphers;
+	c$ssl$client_version = version;
+	c$ssl$client_comp_methods = comp_methods;
+	}
+
+	event ssl_server_hello(c: connection, version: count, record_version: count, possible_ts: time, server_random: string, session_id: string, cipher: count, comp_method: count)
+	{
+	if ( ! c?$ssl )
+		return;
+
+	c$ssl$server_version = version;
+	c$ssl$comp_method = comp_method;
+	}
+
+	event ssl_session_ticket_handshake(c: connection, ticket_lifetime_hint: count, ticket: string)
+	{
+	if ( ! c?$ssl )
+		return;
+
+	c$ssl$ticket_lifetime_hint = ticket_lifetime_hint;
+	}
+
+	event ssl_extension(c: connection, is_orig: bool, code: count, val: string)
+	{
+	if ( ! c?$ssl )
+		return;
+
+	if ( is_orig )
+		{
+		if ( ! c$ssl?$ssl_client_exts )
+			c$ssl$ssl_client_exts = vector();
+		c$ssl$ssl_client_exts[|c$ssl$ssl_client_exts|] = code;
+		}
+	else
+		{
+		if ( ! c$ssl?$ssl_server_exts )
+			c$ssl$ssl_server_exts = vector();
+		c$ssl$ssl_server_exts[|c$ssl$ssl_server_exts|] = code;
+		}
+	}
+
+event ssl_extension_ec_point_formats(c: connection, is_orig: bool, point_formats: index_vec)
+	{
+	if ( ! c?$ssl || ! is_orig )
+		return;
+
+	c$ssl$point_formats = point_formats;
+	}
+
+event ssl_extension_elliptic_curves(c: connection, is_orig: bool, curves: index_vec)
+	{
+	if ( ! c?$ssl || ! is_orig )
+		return;
+
+	c$ssl$client_curves = curves;
+	}
+
+	event ssl_extension_application_layer_protocol_negotiation(c: connection, is_orig: bool, names: string_vec)
+	{
+	if ( ! c?$ssl )
+		return;
+
+	if ( is_orig )
+		c$ssl$orig_alpn = names;
+	}
+
+	event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string)
+	{
+	if ( ! c?$ssl )
+		return;
+
+	local key_length = |Ys| * 8; # key length in bits
+	c$ssl$dh_param_size = key_length;
+	}
+
+	event ssl_extension_supported_versions(c: connection, is_orig: bool, versions: index_vec)
+	{
+	if ( ! c?$ssl )
+		return;
+
+	if ( is_orig )
+		c$ssl$client_supported_versions = versions;
+	else
+		c$ssl$server_supported_version = versions[0];
+	}
+
+	event ssl_extension_psk_key_exchange_modes(c: connection, is_orig: bool, modes: index_vec)
+	{
+	if ( ! c?$ssl || ! is_orig )
+		return;
+
+	c$ssl$psk_key_exchange_modes = modes;
+	}
+
+event ssl_extension_key_share(c: connection, is_orig: bool, curves: index_vec)
+	{
+	if ( ! c?$ssl )
+		return;
+
+	if ( is_orig )
+		c$ssl$client_key_share_groups = curves;
+	else
+		c$ssl$server_key_share_group = curves[0];
+	}
+
+event ssl_extension_signature_algorithm(c: connection, is_orig: bool, signature_algorithms: signature_and_hashalgorithm_vec)
+	{
+	if ( ! c?$ssl || ! is_orig )
+		return;
+
+	local sigalgs: index_vec = vector();
+	local hashalgs: index_vec = vector();
+
+	for ( i in signature_algorithms )
+		{
+		local rec = signature_algorithms[i];
+		sigalgs[|sigalgs|] = rec$SignatureAlgorithm;
+		hashalgs[|hashalgs|] = rec$HashAlgorithm;
+		}
+
+	c$ssl$sigalgs = sigalgs;
+	c$ssl$hashalgs = hashalgs;
+	}
diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek
index 38775c5578..fc36807d57 100644
--- a/scripts/test-all-policy.zeek
+++ b/scripts/test-all-policy.zeek
@@ -106,6 +106,7 @@
 @load protocols/ssl/heartbleed.zeek
 @load protocols/ssl/known-certs.zeek
 @load protocols/ssl/log-certs-base64.zeek
+@load protocols/ssl/ssl-log-ext.zeek
 @load protocols/ssl/log-hostcerts-only.zeek
 #@load protocols/ssl/notary.zeek
 @load protocols/ssl/validate-certs.zeek
diff --git a/testing/btest/Baseline/scripts.policy.protocols.ssl.ssl-log-ext/ssl-all.log b/testing/btest/Baseline/scripts.policy.protocols.ssl.ssl-log-ext/ssl-all.log
new file mode 100644
index 0000000000..3e37304e30
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.ssl.ssl-log-ext/ssl-all.log
@@ -0,0 +1,83 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fps	client_cert_chain_fps	subject	issuer	server_version	client_version	client_ciphers	ssl_client_exts	ssl_server_exts	ticket_lifetime_hint	dh_param_size	point_formats	client_curves	orig_alpn	client_supported_versions	server_supported_version	psk_key_exchange_modes	client_key_share_groups	server_key_share_group	client_comp_methods	sigalgs	hashalgs
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	count	count	vector[count]	vector[count]	vector[count]	count	count	vector[count]	vector[count]	vector[string]	vector[count]	count	vector[count]	vector[count]	count	vector[count]	vector[count]	vector[count]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.18.50	62277	162.219.2.166	443	TLSv12	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA	-	-	F	-	-	T	b706ad178447821cc60aca1e0cd59697333a6178fd1c73f839fbdfb5b76bc507,cb2db573610f401e8d602917bbbe6ab4162255f208efad909d5440691aa0203c	(empty)	emailAddress=denicadmmail@arcor.de,CN=www.lilawelt.net,C=US	CN=StartCom Class 1 Primary Intermediate Server CA,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL	771	771	136,255	35,13,15	65281,35,15	300	1024	-	-	-	-	-	-	-	-	1,0	1,2,3,1,2,3,1,2,3,1,2,3,1,2,3	6,6,6,5,5,5,4,4,4,3,3,3,2,2,2
+#close XXXX-XX-XX-XX-XX-XX
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fps	client_cert_chain_fps	subject	issuer	server_version	client_version	client_ciphers	ssl_client_exts	ssl_server_exts	ticket_lifetime_hint	dh_param_size	point_formats	client_curves	orig_alpn	client_supported_versions	server_supported_version	psk_key_exchange_modes	client_key_share_groups	server_key_share_group	client_comp_methods	sigalgs	hashalgs
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	count	count	vector[count]	vector[count]	vector[count]	count	count	vector[count]	vector[count]	vector[string]	vector[count]	count	vector[count]	vector[count]	count	vector[count]	vector[count]	vector[count]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.18.50	56981	74.125.239.97	443	TLSv12	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	secp256r1	-	F	-	-	T	a97a22b691caf62c1623d14abf8a31ac915f14d87f77d8a37c47eb4785b484ad,a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0	(empty)	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	771	771	49172,255	11,10,35,13,15	65281,11,35	100800	-	-	14,13,25,11,12,24,9,10,22,23,8,6,7,20,21,4,5,18,19,1,2,3,15,16,17	-	-	-	-	-	-	1,0	1,2,3,1,2,3,1,2,3,1,2,3,1,2,3	6,6,6,5,5,5,4,4,4,3,3,3,2,2,2
+#close XXXX-XX-XX-XX-XX-XX
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fps	client_cert_chain_fps	subject	issuer	server_version	client_version	client_ciphers	ssl_client_exts	ssl_server_exts	ticket_lifetime_hint	dh_param_size	point_formats	client_curves	orig_alpn	client_supported_versions	server_supported_version	psk_key_exchange_modes	client_key_share_groups	server_key_share_group	client_comp_methods	sigalgs	hashalgs
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	count	count	vector[count]	vector[count]	vector[count]	count	count	vector[count]	vector[count]	vector[string]	vector[count]	count	vector[count]	vector[count]	count	vector[count]	vector[count]	vector[count]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.150.187.164	58868	194.127.84.106	443	TLSv10	TLS_RSA_WITH_RC4_128_MD5	-	-	F	-	-	T	ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360	(empty)	CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE	OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network	769	2	57,56,53,51,50,4,5,47,22,19,65279,10,21,18,65278,9,100,98,3,6	-	-	-	-	-	-	-	-	-	-	-	-	(empty)	-	-
+XXXXXXXXXX.XXXXXX	ClEkJM2Vm5giqnMf4h	192.150.187.164	58869	194.127.84.106	443	TLSv10	TLS_RSA_WITH_RC4_128_MD5	-	-	F	-	-	T	ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360	(empty)	CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE	OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network	769	769	57,56,53,51,50,4,5,47,22,19,65279,10,21,18,65278,9,100,98,3,6	-	-	-	-	-	-	-	-	-	-	-	-	0	-	-
+XXXXXXXXXX.XXXXXX	C4J4Th3PJpwUYZZ6gc	192.150.187.164	58870	194.127.84.106	443	TLSv10	TLS_RSA_WITH_RC4_128_MD5	-	-	F	-	-	T	ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360	(empty)	CN=www.dresdner-privat.de,OU=Terms of use at www.verisign.com/rpa (c)00,O=AGIS Allianz Dresdner Informationssysteme GmbH,L=Muenchen,ST=Bayern,C=DE	OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign\\, Inc.,O=VeriSign Trust Network	769	769	57,56,53,51,50,4,5,47,22,19,65279,10,21,18,65278,9,100,98,3,6	-	-	-	-	-	-	-	-	-	-	-	-	0	-	-
+#close XXXX-XX-XX-XX-XX-XX
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fps	client_cert_chain_fps	subject	issuer	server_version	client_version	client_ciphers	ssl_client_exts	ssl_server_exts	ticket_lifetime_hint	dh_param_size	point_formats	client_curves	orig_alpn	client_supported_versions	server_supported_version	psk_key_exchange_modes	client_key_share_groups	server_key_share_group	client_comp_methods	sigalgs	hashalgs
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	count	count	vector[count]	vector[count]	vector[count]	count	count	vector[count]	vector[count]	vector[string]	vector[count]	count	vector[count]	vector[count]	count	vector[count]	vector[count]	vector[count]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.17.58	62987	216.58.192.14	443	TLSv11	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA	secp256r1	-	F	-	-	T	22a920a5ec03c819b569ed0fa8b7df258e3e7ea11fdd15b83b6fa45f3e863036,9b759d41e3de30f9d2f902027d792b65d950a98bbb6d6d56be7f2528453bf8e9,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0	(empty)	CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US	CN=Google Internet Authority G2,O=Google Inc,C=US	770	770	49172,49162,57,56,55,54,136,135,134,133,49167,49157,53,132,49171,49161,51,50,49,48,154,153,152,151,69,68,67,66,49166,49156,47,150,65,7,49169,49159,49164,49154,5,4,49170,49160,22,19,16,13,49165,49155,10,255	11,10,35,15	65281,35,11	100800	-	-	23,25,28,27,24,26,22,14,13,11,12,9,10	-	-	-	-	-	-	1,0	-	-
+#close XXXX-XX-XX-XX-XX-XX
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fps	client_cert_chain_fps	subject	issuer	server_version	client_version	client_ciphers	ssl_client_exts	ssl_server_exts	ticket_lifetime_hint	dh_param_size	point_formats	client_curves	orig_alpn	client_supported_versions	server_supported_version	psk_key_exchange_modes	client_key_share_groups	server_key_share_group	client_comp_methods	sigalgs	hashalgs
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	count	count	vector[count]	vector[count]	vector[count]	count	count	vector[count]	vector[count]	vector[string]	vector[count]	count	vector[count]	vector[count]	count	vector[count]	vector[count]	vector[count]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.6.86	63721	104.236.167.107	4433	DTLSv10	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA	secp256r1	-	F	-	-	T	32e63ffcf5111a3a6337aa00d5186f6d475e962e9400a1dd8ad6eb4a3e177964	(empty)	CN=bro	CN=bro	65279	65279	49172,49162,57,56,55,54,136,135,134,133,49167,49157,53,132,49171,49161,51,50,49,48,154,153,152,151,69,68,67,66,49166,49156,47,150,65,7,49170,49160,22,19,16,13,49165,49155,10,21,18,15,12,9,20,17,14,11,8,6,255	11,10,35,15,11,10,35,15	65281,35,15	0	-	0,1,2	14,13,25,28,11,12,27,24,9,10,26,22,23,8,6,7,20,21,4,5,18,19,1,2,3,15,16,17	-	-	-	-	-	-	0	-	-
+#close XXXX-XX-XX-XX-XX-XX
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fps	client_cert_chain_fps	subject	issuer	server_version	client_version	client_ciphers	ssl_client_exts	ssl_server_exts	ticket_lifetime_hint	dh_param_size	point_formats	client_curves	orig_alpn	client_supported_versions	server_supported_version	psk_key_exchange_modes	client_key_share_groups	server_key_share_group	client_comp_methods	sigalgs	hashalgs
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	count	count	vector[count]	vector[count]	vector[count]	count	count	vector[count]	vector[count]	vector[string]	vector[count]	count	vector[count]	vector[count]	count	vector[count]	vector[count]	vector[count]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.17.58	60934	165.227.57.17	4400	DTLSv12	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	secp256r1	-	F	-	-	T	6f5446a5b23f4e73925de5e6629c09b1c61ed66537d6d8a7818750c9cd0a67d7	(empty)	O=Internet Widgits Pty Ltd,ST=Some-State,C=AU	O=Internet Widgits Pty Ltd,ST=Some-State,C=AU	65277	65277	49200,49196,49192,49188,49172,49162,165,163,161,159,107,106,105,104,57,56,55,54,136,135,134,133,49202,49198,49194,49190,49167,49157,157,61,53,132,49199,49195,49191,49187,49171,49161,164,162,160,158,103,64,63,62,51,50,49,48,154,153,152,151,69,68,67,66,49201,49197,49193,49189,49166,49156,156,60,47,150,65,7,49170,49160,22,19,16,13,49165,49155,10,255	11,10,35,13,15,11,10,35,13,15	65281,11,35	7200	-	0,1,2	23,25,28,27,24,26,22,14,13,11,12,9,10	-	-	-	-	-	-	0	1,2,3,1,2,3,1,2,3,1,2,3,1,2,3	6,6,6,5,5,5,4,4,4,3,3,3,2,2,2
+#close XXXX-XX-XX-XX-XX-XX
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fps	client_cert_chain_fps	subject	issuer	server_version	client_version	client_ciphers	ssl_client_exts	ssl_server_exts	ticket_lifetime_hint	dh_param_size	point_formats	client_curves	orig_alpn	client_supported_versions	server_supported_version	psk_key_exchange_modes	client_key_share_groups	server_key_share_group	client_comp_methods	sigalgs	hashalgs
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	count	count	vector[count]	vector[count]	vector[count]	count	count	vector[count]	vector[count]	vector[string]	vector[count]	count	vector[count]	vector[count]	count	vector[count]	vector[count]	vector[count]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.186.133	43056	192.168.186.134	9090	TLSv13	TLS_AES_256_GCM_SHA384	secp256r1	-	F	-	-	T	-	-	-	-	771	771	4866	51,43,13,11,10,23	51,43	-	-	0	25,24,23,21,19,16,256	-	772,771,770	772	-	-	23	0	3,3,3,3,6,11,5,10,4,9,1,1,1,1,1	6,5,4,2,8,8,8,8,8,8,6,5,4,3,2
+#close XXXX-XX-XX-XX-XX-XX
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fps	client_cert_chain_fps	subject	issuer	server_version	client_version	client_ciphers	ssl_client_exts	ssl_server_exts	ticket_lifetime_hint	dh_param_size	point_formats	client_curves	orig_alpn	client_supported_versions	server_supported_version	psk_key_exchange_modes	client_key_share_groups	server_key_share_group	client_comp_methods	sigalgs	hashalgs
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	count	count	vector[count]	vector[count]	vector[count]	count	count	vector[count]	vector[count]	vector[string]	vector[count]	count	vector[count]	vector[count]	count	vector[count]	vector[count]	vector[count]
+XXXXXXXXXX.XXXXXX	CHhAvVGS1DHFjwGM9	192.168.86.23	63449	52.32.149.186	443	TLSv13-draft23	TLS_AES_128_GCM_SHA256	x25519	tls13.crypto.mozilla.org	F	-	-	T	-	-	-	-	771	771	39578,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53,10	19018,65281,0,23,35,13,5,18,16,30032,11,51,45,43,10,24,31354,21	51,43	-	-	0	39578,29,23,24	h2,http/1.1	56026,32535,771,770,769	32535	1	39578,29	29	0	3,4,1,3,5,1,6,1,1	4,8,4,5,8,5,8,6,2
+#close XXXX-XX-XX-XX-XX-XX
diff --git a/testing/btest/scripts/policy/protocols/ssl/ssl-log-ext.zeek b/testing/btest/scripts/policy/protocols/ssl/ssl-log-ext.zeek
new file mode 100644
index 0000000000..bab341a77a
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/ssl/ssl-log-ext.zeek
@@ -0,0 +1,23 @@
+# @TEST-EXEC: zeek -b -r $TRACES/tls/dhe.pcap %INPUT
+# @TEST-EXEC: cat ssl.log > ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1_1.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_0.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_2.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/tls13_wolfssl.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+
+# @TEST-EXEC: btest-diff ssl-all.log
+
+# Test the new client and server key exchange events.
+
+@load protocols/ssl/ssl-log-ext
+