Add new ssl-log-ext policy script

This policy script significantly extends the details that are logged about SSL/TLS handshakes. I am a bit tempted to just make this part of the default log - but it does add a bunch logging overhead for each connection.
2025-10-16 13:38:19 +00:00 · 2021-06-29 09:07:15 +01:00 · 2021-06-29 09:07:15 +01:00 · e310734d7b
commit e310734d7b
parent 279a060fae
4 changed files with 283 additions and 0 deletions
--- a/testing/btest/scripts/policy/protocols/ssl/ssl-log-ext.zeek
+++ b/testing/btest/scripts/policy/protocols/ssl/ssl-log-ext.zeek
@ -0,0 +1,23 @@
+# @TEST-EXEC: zeek -b -r $TRACES/tls/dhe.pcap %INPUT
+# @TEST-EXEC: cat ssl.log > ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1_1.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_0.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_2.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/tls13_wolfssl.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+# @TEST-EXEC: zeek -b -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT
+# @TEST-EXEC: cat ssl.log >> ssl-all.log
+
+# @TEST-EXEC: btest-diff ssl-all.log
+
+# Test the new client and server key exchange events.
+
+@load protocols/ssl/ssl-log-ext
+