Merge remote branch 'remotes/origin/topic/policy-scripts-new'
* remotes/origin/topic/policy-scripts-new: Add RPC/SSL scripts to doc generation target. Update the generated script doc organization. Changing back the last commit. It made things worse. Trying a different method of record parsing for SSL analyzer. Moved the RPC script into the right place. More SSL script cleanup. Fixed a segfault from empty strings in the SSL analyzer. Removing what I believe is the last stray print statement from the SSL analyzer. Fixed more eternal looping bugs in the SSL analyzer. Updates and fixes for the SSL analyzer. Changes to make generated script docs understand new policy/ hierarchy.
commit
e87e2ad96e
48 changed files with 1393 additions and 1278 deletions
|
@ -1,4 +1,3 @@
|
|||
set(POLICY_SRC_DIR ${PROJECT_SOURCE_DIR}/policy)
|
||||
set(BIF_SRC_DIR ${PROJECT_SOURCE_DIR}/src)
|
||||
set(RST_OUTPUT_DIR ${CMAKE_CURRENT_BINARY_DIR}/rest_output)
|
||||
set(DOC_OUTPUT_DIR ${CMAKE_CURRENT_BINARY_DIR}/out)
|
||||
|
@ -28,8 +27,12 @@ endif ()
|
|||
# rest_target(srcDir broInput [group])
|
||||
#
|
||||
# srcDir: the directory which contains broInput
|
||||
# broInput: the file name of a bro policy script
|
||||
# group: optional name of group that the script documentation will belong to
|
||||
# broInput: the file name of a bro policy script, any path prefix of this
|
||||
# argument will be used to derive what path under policy/ the generated
|
||||
# documentation will be placed.
|
||||
# group: optional name of group that the script documentation will belong to.
|
||||
# If this is not given, .bif files automatically get their own group or
|
||||
# the group is automatically by any path portion of the broInput argument.
|
||||
#
|
||||
# In addition to adding the makefile target, several CMake variables are set:
|
||||
#
|
||||
|
@ -39,24 +42,25 @@ endif ()
|
|||
# ALL_REST_OUTPUTS: a running list (the CMake list type) of all reST docs
|
||||
# that are to be generated
|
||||
# MASTER_GROUP_LIST: a running list (the CMake list type) of all script groups
|
||||
# MASTER_PKG_LIST: a running list (the CMake list type) of all script groups
|
||||
# that were defived from the path portion of the broInput argument
|
||||
# ${group}_files: a running list of files belonging to a given group, from
|
||||
# which summary text can be extracted at build time
|
||||
# ${group}_doc_names: a running list of reST style document names that can be
|
||||
# given to a :doc: role, shared indices with ${group}_files
|
||||
#
|
||||
macro(REST_TARGET srcDir broInput)
|
||||
get_filename_component(basename ${broInput} NAME_WE)
|
||||
set(absSrcPath ${srcDir}/${broInput})
|
||||
get_filename_component(basename ${broInput} NAME)
|
||||
string(REPLACE .bro "" basename ${basename})
|
||||
get_filename_component(extension ${broInput} EXT)
|
||||
get_filename_component(relDstDir ${broInput} PATH)
|
||||
|
||||
set(sumTextSrc ${srcDir}/${broInput})
|
||||
set(sumTextSrc ${absSrcPath})
|
||||
if (${extension} STREQUAL ".bif.bro")
|
||||
set(basename "${basename}.bif")
|
||||
# the summary text is taken at configure time, but .bif.bro files
|
||||
# may not have been generated yet, so read .bif file instead
|
||||
set(sumTextSrc ${BIF_SRC_DIR}/${basename})
|
||||
elseif (${extension} STREQUAL ".init")
|
||||
set(basename "${basename}.init")
|
||||
endif ()
|
||||
|
||||
if (NOT relDstDir)
|
||||
|
@ -71,12 +75,27 @@ macro(REST_TARGET srcDir broInput)
|
|||
string(REPLACE "/" "^" restFile ${restFile})
|
||||
set(restOutput "${dstDir}/${basename}.rst")
|
||||
|
||||
set(indexEntry " ${docName} <${docName}>")
|
||||
set(MASTER_POLICY_INDEX_TEXT "${MASTER_POLICY_INDEX_TEXT}\n${indexEntry}")
|
||||
set(MASTER_POLICY_INDEX_TEXT
|
||||
"${MASTER_POLICY_INDEX_TEXT}\n ${docName} <${docName}>")
|
||||
list(APPEND ALL_REST_OUTPUTS ${restOutput})
|
||||
|
||||
if (NOT "${ARGN}" STREQUAL "")
|
||||
set(group ${ARGN})
|
||||
elseif (${extension} STREQUAL ".bif.bro")
|
||||
set(group bifs)
|
||||
elseif (relDstDir)
|
||||
set(pkgIndex policy/${relDstDir}/index)
|
||||
set(group ${pkgIndex})
|
||||
# add package index to master package list if not already in it
|
||||
list(FIND MASTER_PKG_LIST ${pkgIndex} _found)
|
||||
if (_found EQUAL -1)
|
||||
list(APPEND MASTER_PKG_LIST ${pkgIndex})
|
||||
endif ()
|
||||
else ()
|
||||
set(group "")
|
||||
endif ()
|
||||
|
||||
if (NOT "${group}" STREQUAL "")
|
||||
# add group to master group list if not already in it
|
||||
list(FIND MASTER_GROUP_LIST ${group} _found)
|
||||
if (_found EQUAL -1)
|
||||
|
@ -90,14 +109,6 @@ macro(REST_TARGET srcDir broInput)
|
|||
|
||||
list(APPEND ${group}_files ${sumTextSrc})
|
||||
list(APPEND ${group}_doc_names ${docName})
|
||||
else ()
|
||||
set(group "")
|
||||
endif ()
|
||||
|
||||
if (${group} STREQUAL "default" OR ${group} STREQUAL "bifs")
|
||||
set(BRO_ARGS --doc-scripts --exec '')
|
||||
else ()
|
||||
set(BRO_ARGS --doc-scripts ${broInput})
|
||||
endif ()
|
||||
|
||||
add_custom_command(OUTPUT ${restOutput}
|
||||
|
@ -106,7 +117,7 @@ macro(REST_TARGET srcDir broInput)
|
|||
ARGS -E remove_directory .state
|
||||
# generate the reST documentation using bro
|
||||
COMMAND BROPATH=${BROPATH}:${srcDir} ${CMAKE_BINARY_DIR}/src/bro
|
||||
ARGS ${BRO_ARGS} || (rm -rf .state *.log *.rst && exit 1)
|
||||
ARGS --doc-scripts ${broInput} || (rm -rf .state *.log *.rst && exit 1)
|
||||
# move generated doc into a new directory tree that
|
||||
# defines the final structure of documents
|
||||
COMMAND "${CMAKE_COMMAND}"
|
||||
|
@ -115,133 +126,34 @@ macro(REST_TARGET srcDir broInput)
|
|||
ARGS -E copy ${restFile} ${restOutput}
|
||||
# copy the bro policy script, too
|
||||
COMMAND "${CMAKE_COMMAND}"
|
||||
ARGS -E copy ${srcDir}/${broInput} ${dstDir}
|
||||
ARGS -E copy ${absSrcPath} ${dstDir}
|
||||
# clean up the build directory
|
||||
COMMAND rm
|
||||
ARGS -rf .state *.log *.rst
|
||||
DEPENDS bro
|
||||
DEPENDS ${srcDir}/${broInput}
|
||||
DEPENDS ${absSrcPath}
|
||||
COMMENT "[Bro] Generating reST docs for ${broInput}"
|
||||
)
|
||||
|
||||
endmacro(REST_TARGET)
|
||||
|
||||
# Schedule Bro scripts for which to generate documentation.
|
||||
# Note: the script may be located in a subdirectory off of one of the main
|
||||
# directories in BROPATH. In that case, just list the script as 'foo/bar.bro'
|
||||
rest_target(${CMAKE_CURRENT_SOURCE_DIR} example.bro internal)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} conn.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} conn/base.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} conn/contents.bro user)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} dns.bro policy/dns-index)
|
||||
rest_target(${POLICY_SRC_DIR} dns/auth-addl.bro policy/dns-index)
|
||||
rest_target(${POLICY_SRC_DIR} dns/base.bro policy/dns-index)
|
||||
rest_target(${POLICY_SRC_DIR} dns/consts.bro policy/dns-index)
|
||||
rest_target(${POLICY_SRC_DIR} dns/detect.bro policy/dns-index)
|
||||
rest_target(${POLICY_SRC_DIR} dns/passive-replication.bro policy/dns-index)
|
||||
|
||||
# TODO: these don't currently work due to something that looks like a
|
||||
# circular dependency. They'll also change to the 'default' group once
|
||||
# loaded from bro.init.
|
||||
#rest_target(${POLICY_SRC_DIR} dpd.bro policy/dpd-index)
|
||||
#rest_target(${POLICY_SRC_DIR} dpd/base.bro policy/dpd-index)
|
||||
#rest_target(${POLICY_SRC_DIR} dpd/dyn-disable.bro policy/dpd-index)
|
||||
#rest_target(${POLICY_SRC_DIR} dpd/packet-segment-logging.bro policy/dpd-index)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} ftp.bro policy/ftp-index)
|
||||
rest_target(${POLICY_SRC_DIR} ftp/base.bro policy/ftp-index)
|
||||
rest_target(${POLICY_SRC_DIR} ftp/detect.bro policy/ftp-index)
|
||||
rest_target(${POLICY_SRC_DIR} ftp/file-extract.bro policy/ftp-index)
|
||||
rest_target(${POLICY_SRC_DIR} ftp/software.bro policy/ftp-index)
|
||||
rest_target(${POLICY_SRC_DIR} ftp/utils-commands.bro policy/ftp-index)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} functions.bro user)
|
||||
|
||||
# TODO: hot.conn.bro currently won't load because hot.bro doesn't exist
|
||||
#rest_target(${POLICY_SRC_DIR} hot.conn.bro user)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} http.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/base-extended.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/base.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/detect-intel.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/detect-sqli.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/detect-webapps.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/file-extract.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/file-hash.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/file-ident.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/headers.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/software.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/utils.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/var-extraction-cookies.bro policy/http-index)
|
||||
rest_target(${POLICY_SRC_DIR} http/var-extraction-uri.bro policy/http-index)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} irc.bro policy/irc-index)
|
||||
rest_target(${POLICY_SRC_DIR} irc/base.bro policy/irc-index)
|
||||
rest_target(${POLICY_SRC_DIR} irc/dcc-send.bro policy/irc-index)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} known-services.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} known-hosts.bro user)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} metrics.bro policy/metrics-index)
|
||||
rest_target(${POLICY_SRC_DIR} metrics/base.bro policy/metrics-index)
|
||||
rest_target(${POLICY_SRC_DIR} metrics/conn-example.bro policy/metrics-index)
|
||||
rest_target(${POLICY_SRC_DIR} metrics/http-example.bro policy/metrics-index)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} mime.bro policy/mime-index)
|
||||
rest_target(${POLICY_SRC_DIR} mime/base.bro policy/mime-index)
|
||||
rest_target(${POLICY_SRC_DIR} mime/file-extract.bro policy/mime-index)
|
||||
rest_target(${POLICY_SRC_DIR} mime/file-hash.bro policy/mime-index)
|
||||
rest_target(${POLICY_SRC_DIR} mime/file-ident.bro policy/mime-index)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} notice-action-filters.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} notice.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} site.bro user)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} signatures.bro policy/sig-index)
|
||||
rest_target(${POLICY_SRC_DIR} signatures/base.bro policy/sig-index)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} smtp.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/base-extended.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/base.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/detect.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/software.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/utils.bro policy/smtp-index)
|
||||
rest_target(${POLICY_SRC_DIR} smtp/webmail-ident.bro policy/smtp-index)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} software.bro policy/software-index)
|
||||
rest_target(${POLICY_SRC_DIR} software/base.bro policy/software-index)
|
||||
rest_target(${POLICY_SRC_DIR} software/vulnerable.bro policy/software-index)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} ssh.bro policy/ssh-index)
|
||||
rest_target(${POLICY_SRC_DIR} ssh/base.bro policy/ssh-index)
|
||||
rest_target(${POLICY_SRC_DIR} ssh/software.bro policy/ssh-index)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} ssl-ciphers.bro policy/ssl-index)
|
||||
rest_target(${POLICY_SRC_DIR} ssl-errors.bro policy/ssl-index)
|
||||
rest_target(${POLICY_SRC_DIR} ssl.bro policy/ssl-index)
|
||||
|
||||
rest_target(${POLICY_SRC_DIR} utils/pattern.bro user)
|
||||
rest_target(${POLICY_SRC_DIR} weird.bro user)
|
||||
|
||||
# Finding out what scripts bro will generate documentation for by default
|
||||
# can be done like: `bro --doc-scripts --exec ""`
|
||||
rest_target(${POLICY_SRC_DIR} bro.init default)
|
||||
rest_target(${POLICY_SRC_DIR} logging-ascii.bro default)
|
||||
rest_target(${POLICY_SRC_DIR} logging.bro default)
|
||||
rest_target(${POLICY_SRC_DIR} pcap.bro default)
|
||||
rest_target(${POLICY_SRC_DIR} server-ports.bro default)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src bro.bif.bro bifs)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src const.bif.bro bifs)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src event.bif.bro bifs)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src logging.bif.bro bifs)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src strings.bif.bro bifs)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src types.bif.bro bifs)
|
||||
include(DocSourcesList.cmake)
|
||||
|
||||
# create temporary list of all docs to include in the master policy/index file
|
||||
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/tmp_policy_index
|
||||
"${MASTER_POLICY_INDEX_TEXT}")
|
||||
set(MASTER_POLICY_INDEX ${CMAKE_CURRENT_BINARY_DIR}/policy_index)
|
||||
file(WRITE ${MASTER_POLICY_INDEX} "${MASTER_POLICY_INDEX_TEXT}")
|
||||
|
||||
# create the temporary list of all packages to include in the master
|
||||
# policy/packages.rst file
|
||||
set(MASTER_PACKAGE_INDEX ${CMAKE_CURRENT_BINARY_DIR}/pkg_index)
|
||||
set(MASTER_PKG_INDEX_TEXT "")
|
||||
foreach (pkg ${MASTER_PKG_LIST})
|
||||
# strip of the trailing /index for the link name
|
||||
get_filename_component(lnktxt ${pkg} PATH)
|
||||
set(MASTER_PKG_INDEX_TEXT "${MASTER_PKG_INDEX_TEXT}\n ${lnktxt} <${pkg}>")
|
||||
endforeach ()
|
||||
file(WRITE ${MASTER_PACKAGE_INDEX} "${MASTER_PKG_INDEX_TEXT}")
|
||||
|
||||
# create temporary file containing list of all groups
|
||||
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/group_list
|
||||
|
@ -270,7 +182,12 @@ if (EXISTS ${RST_OUTPUT_DIR})
|
|||
list(FIND ALL_REST_OUTPUTS ${_doc} _found)
|
||||
if (_found EQUAL -1)
|
||||
file(REMOVE ${_doc})
|
||||
message(STATUS "Removing stale reST doc: ${_doc}")
|
||||
message(STATUS "AutoDoc: remove stale reST doc: ${_doc}")
|
||||
string(REPLACE .rst .bro _brofile ${_doc})
|
||||
if (EXISTS ${_brofile})
|
||||
file(REMOVE ${_brofile})
|
||||
message(STATUS "AutoDoc: remove stale bro source: ${_brofile}")
|
||||
endif ()
|
||||
endif ()
|
||||
endforeach ()
|
||||
endif ()
|
||||
|
@ -305,8 +222,11 @@ add_custom_target(doc
|
|||
${RST_OUTPUT_DIR}
|
||||
${DOC_SOURCE_WORKDIR}/policy
|
||||
# append to the master index of all policy scripts
|
||||
COMMAND cat ${CMAKE_CURRENT_BINARY_DIR}/tmp_policy_index >>
|
||||
COMMAND cat ${MASTER_POLICY_INDEX} >>
|
||||
${DOC_SOURCE_WORKDIR}/policy/index.rst
|
||||
# append to the master index of all policy packages
|
||||
COMMAND cat ${MASTER_PACKAGE_INDEX} >>
|
||||
${DOC_SOURCE_WORKDIR}/packages.rst
|
||||
# construct a reST file for each group
|
||||
COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/group_index_generator.py
|
||||
${CMAKE_CURRENT_BINARY_DIR}/group_list
|
||||
|
@ -325,7 +245,7 @@ add_custom_target(doc
|
|||
${CMAKE_BINARY_DIR}/html
|
||||
WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
|
||||
COMMENT "[Sphinx] Generating HTML policy script docs"
|
||||
# SOURCES just adds stuff to IDE projects as a convienience
|
||||
# SOURCES just adds stuff to IDE projects as a convenience
|
||||
SOURCES ${DOC_SOURCES})
|
||||
|
||||
# The "docclean" target removes just the Sphinx input/output directories
|
||||
|
|
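Review bot: The added `elseif (${extension} STREQUAL ".bif.bro")` in the group-selection chain dereferences `extension` unquoted, so should a script without an extension ever be scheduled the expansion is empty and `if()` aborts the configure with a syntax error; it should read `elseif ("${extension}" STREQUAL ".bif.bro")`, and the earlier `if (${extension} STREQUAL ".bif.bro")` / `elseif (${extension} STREQUAL ".init")` pair has the same spelling if those lines survive. Separately, the new stale-output sweep derives the copied source name with `string(REPLACE .rst .bro _brofile ${_doc})`, but for `.init` inputs the macro copies `${absSrcPath}` (e.g. `bro.init`) into `${dstDir}` while the doc is `bro.init.rst`, so stale `.init` copies appear never to be removed; a second `string(REPLACE .init.rst .init ...)` for that case, or reusing the macro's basename logic, would close the gap. The sweep's enclosing `if (EXISTS ${RST_OUTPUT_DIR})` and `foreach` start outside the hunk.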
127
doc/scripts/DocSourcesList.cmake
Normal file
|
@ -0,0 +1,127 @@
|
|||
# This is a list of Bro script sources for which to generate reST documentation.
|
||||
# It will be included inline in the CMakeLists.txt found in the same directory
|
||||
# in order to create Makefile targets that define how to generate reST from
|
||||
# a given Bro script.
|
||||
#
|
||||
# Note: any path prefix of the script (2nd argument of rest_target macro)
|
||||
# will be used to derive what path under policy/ the generated documentation
|
||||
# will be placed.
|
||||
|
||||
set(psd ${PROJECT_SOURCE_DIR}/policy)
|
||||
|
||||
rest_target(${CMAKE_CURRENT_SOURCE_DIR} example.bro internal)
|
||||
|
||||
rest_target(${CMAKE_BINARY_DIR}/src bro.bif.bro)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src const.bif.bro)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src event.bif.bro)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src logging.bif.bro)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src strings.bif.bro)
|
||||
rest_target(${CMAKE_BINARY_DIR}/src types.bif.bro)
|
||||
|
||||
rest_target(${psd} bro.init)
|
||||
rest_target(${psd} functions.bro)
|
||||
rest_target(${psd} site.bro)
|
||||
|
||||
rest_target(${psd} detectors/http-MHR.bro)
|
||||
|
||||
rest_target(${psd} frameworks/communication/base.bro)
|
||||
rest_target(${psd} frameworks/communication/listen-clear.bro)
|
||||
rest_target(${psd} frameworks/communication/listen-ssl.bro)
|
||||
|
||||
rest_target(${psd} frameworks/dpd/base.bro)
|
||||
rest_target(${psd} frameworks/dpd/dyn-disable.bro)
|
||||
rest_target(${psd} frameworks/dpd/packet-segment-logging.bro)
|
||||
|
||||
rest_target(${psd} frameworks/intel/base.bro)
|
||||
|
||||
rest_target(${psd} frameworks/logging/base.bro)
|
||||
rest_target(${psd} frameworks/logging/plugins/ascii.bro)
|
||||
|
||||
rest_target(${psd} frameworks/metrics/base.bro)
|
||||
rest_target(${psd} frameworks/metrics/conn-example.bro)
|
||||
rest_target(${psd} frameworks/metrics/http-example.bro)
|
||||
|
||||
rest_target(${psd} frameworks/notice/action-filters.bro)
|
||||
rest_target(${psd} frameworks/notice/base.bro)
|
||||
rest_target(${psd} frameworks/notice/weird.bro)
|
||||
|
||||
rest_target(${psd} frameworks/packet-filter/base.bro)
|
||||
rest_target(${psd} frameworks/packet-filter/netstats.bro)
|
||||
|
||||
rest_target(${psd} frameworks/signatures/base.bro)
|
||||
|
||||
rest_target(${psd} frameworks/software/base.bro)
|
||||
rest_target(${psd} frameworks/software/vulnerable.bro)
|
||||
|
||||
rest_target(${psd} integration/barnyard2/base.bro)
|
||||
rest_target(${psd} integration/barnyard2/event.bro)
|
||||
rest_target(${psd} integration/barnyard2/types.bro)
|
||||
|
||||
rest_target(${psd} protocols/conn/base.bro)
|
||||
rest_target(${psd} protocols/conn/contents.bro)
|
||||
rest_target(${psd} protocols/conn/inactivity.bro)
|
||||
rest_target(${psd} protocols/conn/known-hosts.bro)
|
||||
rest_target(${psd} protocols/conn/known-services.bro)
|
||||
|
||||
rest_target(${psd} protocols/dns/auth-addl.bro)
|
||||
rest_target(${psd} protocols/dns/base.bro)
|
||||
rest_target(${psd} protocols/dns/consts.bro)
|
||||
rest_target(${psd} protocols/dns/detect.bro)
|
||||
|
||||
rest_target(${psd} protocols/ftp/base.bro)
|
||||
rest_target(${psd} protocols/ftp/detect.bro)
|
||||
rest_target(${psd} protocols/ftp/file-extract.bro)
|
||||
rest_target(${psd} protocols/ftp/software.bro)
|
||||
rest_target(${psd} protocols/ftp/utils-commands.bro)
|
||||
|
||||
rest_target(${psd} protocols/http/base.bro)
|
||||
rest_target(${psd} protocols/http/detect-intel.bro)
|
||||
rest_target(${psd} protocols/http/detect-sqli.bro)
|
||||
rest_target(${psd} protocols/http/detect-webapps.bro)
|
||||
rest_target(${psd} protocols/http/file-extract.bro)
|
||||
rest_target(${psd} protocols/http/file-hash.bro)
|
||||
rest_target(${psd} protocols/http/file-ident.bro)
|
||||
rest_target(${psd} protocols/http/headers.bro)
|
||||
rest_target(${psd} protocols/http/software.bro)
|
||||
rest_target(${psd} protocols/http/utils.bro)
|
||||
rest_target(${psd} protocols/http/var-extraction-cookies.bro)
|
||||
rest_target(${psd} protocols/http/var-extraction-uri.bro)
|
||||
|
||||
rest_target(${psd} protocols/irc/base.bro)
|
||||
rest_target(${psd} protocols/irc/dcc-send.bro)
|
||||
|
||||
rest_target(${psd} protocols/mime/base.bro)
|
||||
rest_target(${psd} protocols/mime/file-extract.bro)
|
||||
rest_target(${psd} protocols/mime/file-hash.bro)
|
||||
rest_target(${psd} protocols/mime/file-ident.bro)
|
||||
|
||||
rest_target(${psd} protocols/rpc/base.bro)
|
||||
|
||||
rest_target(${psd} protocols/smtp/base.bro)
|
||||
rest_target(${psd} protocols/smtp/detect.bro)
|
||||
rest_target(${psd} protocols/smtp/software.bro)
|
||||
|
||||
rest_target(${psd} protocols/ssh/base.bro)
|
||||
rest_target(${psd} protocols/ssh/software.bro)
|
||||
|
||||
rest_target(${psd} protocols/ssl/base.bro)
|
||||
rest_target(${psd} protocols/ssl/consts.bro)
|
||||
rest_target(${psd} protocols/ssl/known-certs.bro)
|
||||
rest_target(${psd} protocols/ssl/mozilla-ca-list.bro)
|
||||
|
||||
rest_target(${psd} protocols/syslog/base.bro)
|
||||
rest_target(${psd} protocols/syslog/consts.bro)
|
||||
|
||||
rest_target(${psd} tuning/defaults/packet-fragments.bro)
|
||||
rest_target(${psd} tuning/defaults/remove-high-volume-notices.bro)
|
||||
rest_target(${psd} tuning/track-all-assets.bro)
|
||||
|
||||
rest_target(${psd} utils/addrs.bro)
|
||||
rest_target(${psd} utils/conn_ids.bro)
|
||||
rest_target(${psd} utils/directions-and-hosts.bro)
|
||||
rest_target(${psd} utils/files.bro)
|
||||
rest_target(${psd} utils/numbers.bro)
|
||||
rest_target(${psd} utils/paths.bro)
|
||||
rest_target(${psd} utils/pattern.bro)
|
||||
rest_target(${psd} utils/strings.bro)
|
||||
rest_target(${psd} utils/thresholds.bro)
|
|
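Review bot: `set(psd ${PROJECT_SOURCE_DIR}/policy)` puts a short, unprefixed variable into the including directory's scope, because this file is pulled in with `include()` from CMakeLists.txt rather than run inside a function; it stays defined for everything after the include and can shadow, or be shadowed by, any other `psd`. A project-prefixed name, or `unset(psd)` as the last line of the file, would keep the list self-contained. The header comment also explains that the path prefix chooses the output location but not that omitting the third argument is what selects the automatic grouping; one sentence such as `# Omit the group argument to have the script grouped by its package path (or under 'bifs' for .bif.bro inputs).` would spare readers a trip to the macro.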
@ -38,15 +38,19 @@ by CMake:
|
|||
|
||||
This target removes Sphinx inputs and outputs from the CMake ``build/`` dir.
|
||||
|
||||
To schedule a script to be documented, edit ``CMakeLists.txt`` inside this
|
||||
directory add a call to the ``rest_target()`` macro. Calling that macro
|
||||
with a group name for the script is optional, but if not given, the only
|
||||
link to the script will be in the master TOC tree for all policy scripts.
|
||||
To schedule a script to be documented, edit ``DocSourcesList.cmake`` inside
|
||||
this directory add a call to the ``rest_target()`` macro. Calling that macro
|
||||
with a group name for the script is optional. If the group is omitted, the
|
||||
only links to the script will be in the master TOC tree for all policy scripts
|
||||
as well as the master TOC tree for script packages (derived from the path
|
||||
component of the second argument to ``rest_target()``), with the exception
|
||||
of ``.bif`` files which are grouped automatically.
|
||||
|
||||
When adding a new logical grouping for generated scripts, create a new
|
||||
reST document in ``source/<group_name>.rst`` and add some default
|
||||
When adding a new logical grouping e.g. "my/group" (groups are allowed
|
||||
to contain slashes specifying a path) for generated scripts,
|
||||
create a new reST document in ``source/my/group.rst`` and add some default
|
||||
documentation for the group. References to (and summaries of) documents
|
||||
associated with the group get appended to this file during the
|
||||
associated with the group get appended to this pre-created file during the
|
||||
``make doc`` process.
|
||||
|
||||
The Sphinx source tree template in ``source/`` can be modified to add more
|
||||
|
|
|
@ -40,7 +40,7 @@ master_doc = 'index'
|
|||
|
||||
# General information about the project.
|
||||
project = u'Bro'
|
||||
copyright = u'2011, Jon Siwek'
|
||||
copyright = u'2011, The Bro Project'
|
||||
|
||||
# The version info for the project you're documenting, acts as replacement for
|
||||
# |version| and |release|, also used in various other places throughout the
|
||||
|
@ -178,7 +178,7 @@ htmlhelp_basename = 'Brodoc'
|
|||
# (source start file, target name, title, author, documentclass [howto/manual]).
|
||||
latex_documents = [
|
||||
('index', 'Bro.tex', u'Bro Documentation',
|
||||
u'Jon Siwek', 'manual'),
|
||||
u'The Bro Project', 'manual'),
|
||||
]
|
||||
|
||||
# The name of an image file (relative to this directory) to place at the top of
|
||||
|
@ -211,5 +211,5 @@ latex_documents = [
|
|||
# (source start file, name, description, authors, manual section).
|
||||
man_pages = [
|
||||
('index', 'bro', u'Bro Documentation',
|
||||
[u'Jon Siwek'], 1)
|
||||
[u'The Bro Project'], 1)
|
||||
]
|
||||
|
|
|
@ -46,6 +46,16 @@ with open(group_list, 'r') as f_group_list:
|
|||
summary_comments.append(line[(sum_pos+3):])
|
||||
#print summary_comments
|
||||
group_file = os.path.join(output_dir, group + ".rst")
|
||||
if not os.path.exists(group_file):
|
||||
if not os.path.exists(os.path.dirname(group_file)):
|
||||
os.makedirs(os.path.dirname(group_file))
|
||||
with open(group_file, 'w') as f_group_file:
|
||||
title = "Package Index: %s\n" % os.path.dirname(group)
|
||||
f_group_file.write(title);
|
||||
for n in range(len(title)):
|
||||
f_group_file.write("=")
|
||||
f_group_file.write("\n");
|
||||
|
||||
with open(group_file, 'a') as f_group_file:
|
||||
f_group_file.write("\n:doc:`/policy/%s`\n" % doc_names[i])
|
||||
for line in summary_comments:
|
||||
|
|
|
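Review bot: The title underline loop in the new `if not os.path.exists(group_file)` branch counts the trailing newline of `title`, so the `=` rule comes out one character longer than the heading, and the trailing semicolons on `f_group_file.write(title);` and `f_group_file.write("\n");` are stray C-isms. Both collapse to `f_group_file.write(title)` followed by `f_group_file.write("=" * (len(title) - 1) + "\n")`. Also, `os.path.dirname(group)` is empty for a group name without a slash, so an auto-created file for such a group would be titled `Package Index: ` with nothing after the colon; if that path is reachable, falling back to `group` itself would read better. The enclosing `with open(group_list, ...)` loop starts outside the hunk.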
@ -64,11 +64,6 @@ The Bro scripting language supports the following built-in types.
|
|||
|
||||
.. bro:type:: event
|
||||
|
||||
.. TODO: Notice will get documented as part of notice.bro, which can eventually
|
||||
be referenced here once that documentation is auto-generated.
|
||||
|
||||
.. bro:type:: Notice
|
||||
|
||||
Attributes
|
||||
----------
|
||||
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
Bro Scripts Loaded by Default
|
||||
=============================
|
||||
|
|
@ -11,21 +11,10 @@ Contents:
|
|||
|
||||
common
|
||||
builtins
|
||||
default
|
||||
bifs
|
||||
user
|
||||
policy/dns-index
|
||||
policy/ftp-index
|
||||
policy/http-index
|
||||
policy/irc-index
|
||||
policy/metrics-index
|
||||
policy/mime-index
|
||||
policy/sig-index
|
||||
policy/smtp-index
|
||||
policy/software-index
|
||||
policy/ssh-index
|
||||
policy/ssl-index
|
||||
internal
|
||||
bifs
|
||||
packages
|
||||
collections
|
||||
policy/index
|
||||
|
||||
Indices and tables
|
||||
|
|
13
doc/scripts/source/packages.rst
Normal file
|
@ -0,0 +1,13 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
Policy Script Packages
|
||||
======================
|
||||
|
||||
Bro has the following policy script packages (e.g. collections of related
|
||||
policy scripts). If the package contains a ``__load__.bro`` script, it
|
||||
supports being loaded in mass as a whole directory for convenience.
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
DNS Policy Scripts
|
||||
==================
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
FTP Policy Scripts
|
||||
==================
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
HTTP Policy Scripts
|
||||
===================
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
IRC Policy Scripts
|
||||
==================
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
Metrics Policy Scripts
|
||||
======================
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
MIME Policy Scripts
|
||||
===================
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
Signature Policy Scripts
|
||||
========================
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
SMTP Policy Scripts
|
||||
===================
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
Software Policy Scripts
|
||||
=======================
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
SSH Policy Scripts
|
||||
==================
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
SSL Policy Scripts
|
||||
==================
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
.. This is a stub doc to which the build process can append.
|
||||
|
||||
Other User-Facing Policy Scripts
|
||||
================================
|
||||
|
|
@ -8,7 +8,7 @@
|
|||
@load mime
|
||||
@load smtp
|
||||
@load ssh
|
||||
#@load ssl
|
||||
@load ssl
|
||||
@load syslog
|
||||
|
||||
#@load communication
|
||||
|
|
|
@ -1,2 +1,4 @@
|
|||
#@load ssl/base
|
||||
#@load ssl/validate
|
||||
@load ssl/consts
|
||||
@load ssl/base
|
||||
@load ssl/mozilla-ca-list
|
||||
@load ssl/known-certs
|
|
@ -1,45 +1,47 @@
|
|||
|
||||
@load notice
|
||||
|
||||
module SSL;
|
||||
|
||||
export {
|
||||
|
||||
## This is the root CA bundle. By default it is Mozilla's full trusted
|
||||
## root CA list.
|
||||
# TODO: move the mozilla_root_certs setting into the mozilla file.
|
||||
#print mozilla_root_certs;
|
||||
const root_certs: table[string] of string = {} &redef;
|
||||
#const root_certs: table[string] of string = {} &redef;
|
||||
|
||||
|
||||
## This is where you can define root certificates that you want to validate
|
||||
## against servers. For example, you may have a policy that states that
|
||||
## all local certificates must be signed by a specific signing authority.
|
||||
## If you specify your local networks with only the specific authority
|
||||
## or authorities your policy stipulates here, certificates signed by any
|
||||
## other key will not validate. By default, all servers are validated
|
||||
## against the full ``root_certs`` bundle.
|
||||
#const server_validation: table[subnet] of table[string] of string =
|
||||
# { [0.0.0.0/0] = root_certs } &redef;
|
||||
redef enum Log::ID += { SSL };
|
||||
|
||||
## This is where you can define root certificates that you want to validate
|
||||
## against clients. This is still doing validation against the server
|
||||
## certificate chain, but this allows you to define a restricted
|
||||
## list of signing certificate that clients should be seen connecting to.
|
||||
## For example, you may have a tightly controlled network
|
||||
## that you **never** want to establish SSL sessions using anything other
|
||||
## than certificates signed by a very select list of certificate
|
||||
## authorities. You can define the networks in this variable along with
|
||||
## key signing certificates with which they should be allowed to establish
|
||||
## SSL connections. By default, all client connections are validated
|
||||
## against the full ``root_certs`` bundle.
|
||||
#const client_validation: table[subnet] of table[string] of string =
|
||||
# { [0.0.0.0/0] = root_certs } &redef;
|
||||
redef enum Notice::Type += {
|
||||
Invalid_Server_Cert,
|
||||
Self_Signed_Cert
|
||||
};
|
||||
|
||||
type Info: record {
|
||||
ts: time &log;
|
||||
uid: string &log;
|
||||
id: conn_id &log;
|
||||
version: string &log &optional;
|
||||
cipher: string &log &optional;
|
||||
validation_status:string &log &optional;
|
||||
server_name: string &log &optional;
|
||||
subject: string &log &optional;
|
||||
not_valid_before: time &log &optional;
|
||||
not_valid_after: time &log &optional;
|
||||
|
||||
cert: string &optional;
|
||||
cert_chain: vector of string &optional;
|
||||
};
|
||||
|
||||
## This is where the default root CA bundle is defined. By loading the
|
||||
## protocols/ssl/mozilla-ca-list.bro script it will be set to Mozilla's
|
||||
## root CA list.
|
||||
const root_certs: table[string] of string = {} &redef;
|
||||
|
||||
global log_ssl: event(rec: Info);
|
||||
}
|
||||
|
||||
# TODO: add the script for this and generate on one to ship.
|
||||
#@load mozilla-root-certs
|
||||
redef record connection += {
|
||||
ssl: Info &optional;
|
||||
};
|
||||
|
||||
event bro_init()
|
||||
{
|
||||
Log::create_stream(SSL, [$columns=Info, $ev=log_ssl]);
|
||||
}
|
||||
|
||||
redef capture_filters += {
|
||||
["ssl"] = "tcp port 443",
|
||||
|
@ -57,18 +59,80 @@ redef capture_filters += {
|
|||
|
||||
global ssl_ports = {
|
||||
443/tcp, 563/tcp, 585/tcp, 614/tcp, 636/tcp,
|
||||
989/tcp, 990/tcp, 992/tcp, 993/tcp, 995/tcp,
|
||||
989/tcp, 990/tcp, 992/tcp, 993/tcp, 995/tcp, 5223/tcp
|
||||
} &redef;
|
||||
|
||||
redef dpd_config += {
|
||||
[[ANALYZER_SSL]] = [$ports = ssl_ports]
|
||||
};
|
||||
|
||||
function set_session(c: connection)
|
||||
{
|
||||
if ( ! c?$ssl )
|
||||
c$ssl = [$ts=network_time(), $uid=c$uid, $id=c$id, $cert_chain=vector()];
|
||||
}
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, possible_ts: time, session_id: string, ciphers: count_set) &priority=5
|
||||
{
|
||||
set_session(c);
|
||||
}
|
||||
|
||||
event ssl_server_hello(c: connection, version: count, possible_ts: time, session_id: string, cipher: count, comp_method: count) &priority=5
|
||||
{
|
||||
set_session(c);
|
||||
|
||||
c$ssl$version = version_strings[version];
|
||||
c$ssl$cipher = cipher_desc[cipher];
|
||||
}
|
||||
|
||||
event x509_certificate(c: connection, cert: X509, is_server: bool, chain_idx: count, chain_len: count, der_cert: string) &priority=5
|
||||
{
|
||||
set_session(c);
|
||||
|
||||
if ( chain_idx == 0 )
|
||||
{
|
||||
# Save the primary cert.
|
||||
c$ssl$cert = der_cert;
|
||||
|
||||
# Also save other certificate information about the primary cert.
|
||||
c$ssl$subject = cert$subject;
|
||||
c$ssl$not_valid_before = cert$not_valid_before;
|
||||
c$ssl$not_valid_after = cert$not_valid_after;
|
||||
}
|
||||
else
|
||||
{
|
||||
# Otherwise, add it to the cert validation chain.
|
||||
c$ssl$cert_chain[|c$ssl$cert_chain|] = der_cert;
|
||||
}
|
||||
}
|
||||
|
||||
event ssl_extension(c: connection, code: count, val: string)
|
||||
{
|
||||
set_session(c);
|
||||
|
||||
if ( extensions[code] == "server_name" )
|
||||
c$ssl$server_name = sub_bytes(val, 6, |val|);
|
||||
}
|
||||
|
||||
event x509_certificate(c: connection, cert: X509, is_server: bool, chain_idx: count, chain_len: count, der_cert: string) &priority=-5
|
||||
{
|
||||
if ( chain_idx == chain_len-1 || chain_len == 1 )
|
||||
{
|
||||
local result = x509_verify(c$ssl$cert, c$ssl$cert_chain, root_certs);
|
||||
c$ssl$validation_status = x509_err2str(result);
|
||||
if ( result != 0 )
|
||||
{
|
||||
local message = fmt("SSL certificate validation failed with (%s)", c$ssl$validation_status);
|
||||
NOTICE([$note=Invalid_Server_Cert, $msg=message,
|
||||
$sub=c$ssl$subject, $conn=c]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
event ssl_established(c: connection) &priority=-5
|
||||
{
|
||||
set_session(c);
|
||||
|
||||
Log::write(SSL, c$ssl);
|
||||
}
|
||||
|
||||
#redef SSL::client_validation += table(
|
||||
# [128.146.0.0/16] = table(
|
||||
# ["LOCAL_DER_CERT"] = "ADFADFWEAFASDFASDFA",
|
||||
# ["LOCAL_DER_CERT2"] = "ADFADFWEAFASDFASDFA" )
|
||||
# #["DER_CERT_1"] = SSL::root_certs["DER_CERT_1"],
|
||||
# #["LOCAL_DER_CERT"] = "ADFADFWEAFASDFASDFA"},
|
||||
#);
|
||||
|
|
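--- /dev/null
+++ b/policy/protocols/ssl/consts.bro
@@ -0,0 +1,532 @@
+module SSL;
+
+export {
+
+const SSLv2 = 0x0002;
+const SSLv3 = 0x0300;
+const TLSv10 = 0x0301;
+const TLSv11 = 0x0302;
+const version_strings: table[count] of string = {
+[SSLv2] = "SSLv2",
+[SSLv3] = "SSLv3",
+[TLSv10] = "TLSv10",
+[TLSv11] = "TLSv11",
+} &default="UNKNOWN";
+
+# http://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
+const extensions: table[count] of string = {
+[0] = "server_name",
+[1] = "max_fragment_length",
+[2] = "client_certificate_url",
+[3] = "trusted_ca_keys",
+[4] = "truncated_hmac",
+[5] = "status_request",
+[6] = "user_mapping",
+[7] = "client_authz",
+[8] = "server_authz",
+[9] = "cert_type",
+[10] = "elliptic_curves",
+[11] = "ec_point_formats",
+[12] = "srp",
+[13] = "signature_algorithms",
+[14] = "use_srtp",
+[35] = "SessionTicket TLS",
+[65281] = "renegotiation_info"
+} &default=function(i: count):string { return fmt("unknown-%d", i); };
+
+## SSLv2
+const SSLv20_CK_RC4_128_WITH_MD5 = 0x010080;
+const SSLv20_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080;
+const SSLv20_CK_RC2_128_CBC_WITH_MD5 = 0x030080;
+const SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080;
+const SSLv20_CK_IDEA_128_CBC_WITH_MD5 = 0x050080;
+const SSLv20_CK_DES_64_CBC_WITH_MD5 = 0x060040;
+const SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0;
+
+## TLS
+const TLS_NULL_WITH_NULL_NULL = 0x0000;
+const TLS_RSA_WITH_NULL_MD5 = 0x0001;
+const TLS_RSA_WITH_NULL_SHA = 0x0002;
+const TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003;
+const TLS_RSA_WITH_RC4_128_MD5 = 0x0004;
+const TLS_RSA_WITH_RC4_128_SHA = 0x0005;
+const TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006;
+const TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007;
+const TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008;
+const TLS_RSA_WITH_DES_CBC_SHA = 0x0009;
+const TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
+const TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B;
+const TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C;
+const TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D;
+const TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E;
+const TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F;
+const TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010;
+const TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011;
+const TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012;
+const TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
+const TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014;
+const TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015;
+const TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016;
+const TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017;
+const TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018;
+const TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019;
+const TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A;
+const TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B;
+const SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C;
+const SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D;
+const TLS_KRB5_WITH_DES_CBC_SHA = 0x001E;
+const TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F;
+const TLS_KRB5_WITH_RC4_128_SHA = 0x0020;
+const TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021;
+const TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022;
+const TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023;
+const TLS_KRB5_WITH_RC4_128_MD5 = 0x0024;
+const TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025;
+const TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026;
+const TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027;
+const TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028;
+const TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029;
+const TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A;
+const TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B;
+const TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F;
+const TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
+const TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
+const TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
+const TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
+const TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034;
+const TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035;
+const TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
+const TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
+const TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
+const TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
+const TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A;
+const TLS_RSA_WITH_NULL_SHA256 = 0x003B;
+const TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C;
+const TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D;
+const TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E;
+const TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F;
+const TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040;
+const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041;
+const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042;
+const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043;
+const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044;
+const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045;
+const TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046;
+const TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060;
+const TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061;
+const TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062;
+const TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063;
+const TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064;
+const TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065;
+const TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066;
+const TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067;
+const TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068;
+const TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069;
+const TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A;
+const TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B;
+const TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C;
+const TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D;
+const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084;
+const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085;
+const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086;
+const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087;
+const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088;
+const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089;
+const TLS_PSK_WITH_RC4_128_SHA = 0x008A;
+const TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B;
+const TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C;
+const TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D;
+const TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E;
+const TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F;
+const TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090;
+const TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091;
+const TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092;
+const TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093;
+const TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094;
+const TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095;
+const TLS_RSA_WITH_SEED_CBC_SHA = 0x0096;
+const TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097;
+const TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098;
+const TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099;
+const TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A;
+const TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B;
+const TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C;
+const TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D;
+const TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E;
+const TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F;
+const TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0;
+const TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1;
+const TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2;
+const TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3;
+const TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4;
+const TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5;
+const TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6;
+const TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7;
+const TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8;
+const TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9;
+const TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA;
+const TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB;
+const TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC;
+const TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD;
+const TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE;
+const TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF;
+const TLS_PSK_WITH_NULL_SHA256 = 0x00B0;
+const TLS_PSK_WITH_NULL_SHA384 = 0x00B1;
+const TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2;
+const TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3;
+const TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4;
+const TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5;
+const TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6;
+const TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7;
+const TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8;
+const TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9;
+const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA;
+const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB;
+const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC;
+const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD;
+const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE;
+const TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF;
+const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0;
+const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1;
+const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2;
+const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3;
+const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4;
+const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5;
+const TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001;
+const TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002;
+const TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003;
+const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004;
+const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005;
+const TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006;
+const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007;
+const TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008;
+const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009;
+const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A;
+const TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B;
+const TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C;
+const TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D;
+const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E;
+const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F;
+const TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010;
+const TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011;
+const TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012;
+const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013;
+const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014;
+const TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015;
+const TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016;
+const TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017;
+const TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018;
+const TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019;
+const TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A;
+const TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B;
+const TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C;
+const TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D;
+const TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E;
+const TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F;
+const TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020;
+const TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021;
+const TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022;
+const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023;
+const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024;
+const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025;
+const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026;
+const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027;
+const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028;
+const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029;
+const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A;
+const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B;
+const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C;
+const TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D;
+const TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E;
+const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F;
+const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030;
+const TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031;
+const TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032;
+const TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033;
+const TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034;
+const TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035;
+const TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036;
+const TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037;
+const TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038;
+const TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039;
+const TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A;
+const TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B;
+const SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE;
+const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF;
+const SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1;
+const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0;
+const SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80;
+const SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81;
+const SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82;
+const SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83;
+const TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF;
+
+# --- This is a table of all known cipher specs.
+# --- It can be used for detecting unknown ciphers and for
+# --- converting the cipher spec constants into a human readable format.
+
+const cipher_desc: table[count] of string = {
+# --- sslv20 ---
+[SSLv20_CK_RC4_128_EXPORT40_WITH_MD5] =
+"SSLv20_CK_RC4_128_EXPORT40_WITH_MD5",
+[SSLv20_CK_RC4_128_WITH_MD5] = "SSLv20_CK_RC4_128_WITH_MD5",
+[SSLv20_CK_RC2_128_CBC_WITH_MD5] = "SSLv20_CK_RC2_128_CBC_WITH_MD5",
+[SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5] =
+"SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
+[SSLv20_CK_IDEA_128_CBC_WITH_MD5] = "SSLv20_CK_IDEA_128_CBC_WITH_MD5",
+[SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5] =
+"SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5",
+[SSLv20_CK_DES_64_CBC_WITH_MD5] = "SSLv20_CK_DES_64_CBC_WITH_MD5",
+
+# --- TLS ---
+[TLS_NULL_WITH_NULL_NULL] = "TLS_NULL_WITH_NULL_NULL",
+[TLS_RSA_WITH_NULL_MD5] = "TLS_RSA_WITH_NULL_MD5",
+[TLS_RSA_WITH_NULL_SHA] = "TLS_RSA_WITH_NULL_SHA",
+[TLS_RSA_EXPORT_WITH_RC4_40_MD5] = "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
+[TLS_RSA_WITH_RC4_128_MD5] = "TLS_RSA_WITH_RC4_128_MD5",
+[TLS_RSA_WITH_RC4_128_SHA] = "TLS_RSA_WITH_RC4_128_SHA",
+[TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5] = "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
+[TLS_RSA_WITH_IDEA_CBC_SHA] = "TLS_RSA_WITH_IDEA_CBC_SHA",
+[TLS_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[TLS_RSA_WITH_DES_CBC_SHA] = "TLS_RSA_WITH_DES_CBC_SHA",
+[TLS_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
+[TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
+[TLS_DH_DSS_WITH_DES_CBC_SHA] = "TLS_DH_DSS_WITH_DES_CBC_SHA",
+[TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
+[TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[TLS_DH_RSA_WITH_DES_CBC_SHA] = "TLS_DH_RSA_WITH_DES_CBC_SHA",
+[TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
+[TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
+[TLS_DHE_DSS_WITH_DES_CBC_SHA] = "TLS_DHE_DSS_WITH_DES_CBC_SHA",
+[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
+[TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
+[TLS_DHE_RSA_WITH_DES_CBC_SHA] = "TLS_DHE_RSA_WITH_DES_CBC_SHA",
+[TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
+[TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5] = "TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5",
+[TLS_DH_ANON_WITH_RC4_128_MD5] = "TLS_DH_ANON_WITH_RC4_128_MD5",
+[TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA",
+[TLS_DH_ANON_WITH_DES_CBC_SHA] = "TLS_DH_ANON_WITH_DES_CBC_SHA",
+[TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA",
+[SSL_FORTEZZA_KEA_WITH_NULL_SHA] = "SSL_FORTEZZA_KEA_WITH_NULL_SHA",
+[SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA] = "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA",
+[TLS_KRB5_WITH_DES_CBC_SHA] = "TLS_KRB5_WITH_DES_CBC_SHA",
+[TLS_KRB5_WITH_3DES_EDE_CBC_SHA] = "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
+[TLS_KRB5_WITH_RC4_128_SHA] = "TLS_KRB5_WITH_RC4_128_SHA",
+[TLS_KRB5_WITH_IDEA_CBC_SHA] = "TLS_KRB5_WITH_IDEA_CBC_SHA",
+[TLS_KRB5_WITH_DES_CBC_MD5] = "TLS_KRB5_WITH_DES_CBC_MD5",
+[TLS_KRB5_WITH_3DES_EDE_CBC_MD5] = "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
+[TLS_KRB5_WITH_RC4_128_MD5] = "TLS_KRB5_WITH_RC4_128_MD5",
+[TLS_KRB5_WITH_IDEA_CBC_MD5] = "TLS_KRB5_WITH_IDEA_CBC_MD5",
+[TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA] = "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
+[TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA] = "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
+[TLS_KRB5_EXPORT_WITH_RC4_40_SHA] = "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
+[TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5] = "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
+[TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5] = "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
+[TLS_KRB5_EXPORT_WITH_RC4_40_MD5] = "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
+[TLS_RSA_WITH_AES_128_CBC_SHA] = "TLS_RSA_WITH_AES_128_CBC_SHA",
+[TLS_DH_DSS_WITH_AES_128_CBC_SHA] = "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
+[TLS_DH_RSA_WITH_AES_128_CBC_SHA] = "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
+[TLS_DHE_DSS_WITH_AES_128_CBC_SHA] = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
+[TLS_DHE_RSA_WITH_AES_128_CBC_SHA] = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
+[TLS_DH_ANON_WITH_AES_128_CBC_SHA] = "TLS_DH_ANON_WITH_AES_128_CBC_SHA",
+[TLS_RSA_WITH_AES_256_CBC_SHA] = "TLS_RSA_WITH_AES_256_CBC_SHA",
+[TLS_DH_DSS_WITH_AES_256_CBC_SHA] = "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
+[TLS_DH_RSA_WITH_AES_256_CBC_SHA] = "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
+[TLS_DHE_DSS_WITH_AES_256_CBC_SHA] = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
+[TLS_DHE_RSA_WITH_AES_256_CBC_SHA] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
+[TLS_DH_ANON_WITH_AES_256_CBC_SHA] = "TLS_DH_ANON_WITH_AES_256_CBC_SHA",
+[TLS_RSA_WITH_NULL_SHA256] = "TLS_RSA_WITH_NULL_SHA256",
+[TLS_RSA_WITH_AES_128_CBC_SHA256] = "TLS_RSA_WITH_AES_128_CBC_SHA256",
+[TLS_RSA_WITH_AES_256_CBC_SHA256] = "TLS_RSA_WITH_AES_256_CBC_SHA256",
+[TLS_DH_DSS_WITH_AES_128_CBC_SHA256] = "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
+[TLS_DH_RSA_WITH_AES_128_CBC_SHA256] = "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
+[TLS_DHE_DSS_WITH_AES_128_CBC_SHA256] = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
+[TLS_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
+[TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
+[TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
+[TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA",
+[TLS_RSA_EXPORT1024_WITH_RC4_56_MD5] = "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
+[TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5] = "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5",
+[TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA] = "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
+[TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA] = "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
+[TLS_RSA_EXPORT1024_WITH_RC4_56_SHA] = "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
+[TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA] = "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
+[TLS_DHE_DSS_WITH_RC4_128_SHA] = "TLS_DHE_DSS_WITH_RC4_128_SHA",
+[TLS_DHE_RSA_WITH_AES_128_CBC_SHA256] = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
+[TLS_DH_DSS_WITH_AES_256_CBC_SHA256] = "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
+[TLS_DH_RSA_WITH_AES_256_CBC_SHA256] = "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
+[TLS_DHE_DSS_WITH_AES_256_CBC_SHA256] = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
+[TLS_DHE_RSA_WITH_AES_256_CBC_SHA256] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
+[TLS_DH_ANON_WITH_AES_128_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_128_CBC_SHA256",
+[TLS_DH_ANON_WITH_AES_256_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_256_CBC_SHA256",
+[TLS_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
+[TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
+[TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
+[TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA",
+[TLS_PSK_WITH_RC4_128_SHA] = "TLS_PSK_WITH_RC4_128_SHA",
+[TLS_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
+[TLS_PSK_WITH_AES_128_CBC_SHA] = "TLS_PSK_WITH_AES_128_CBC_SHA",
+[TLS_PSK_WITH_AES_256_CBC_SHA] = "TLS_PSK_WITH_AES_256_CBC_SHA",
+[TLS_DHE_PSK_WITH_RC4_128_SHA] = "TLS_DHE_PSK_WITH_RC4_128_SHA",
+[TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
+[TLS_DHE_PSK_WITH_AES_128_CBC_SHA] = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
+[TLS_DHE_PSK_WITH_AES_256_CBC_SHA] = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
+[TLS_RSA_PSK_WITH_RC4_128_SHA] = "TLS_RSA_PSK_WITH_RC4_128_SHA",
+[TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
+[TLS_RSA_PSK_WITH_AES_128_CBC_SHA] = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
+[TLS_RSA_PSK_WITH_AES_256_CBC_SHA] = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
+[TLS_RSA_WITH_SEED_CBC_SHA] = "TLS_RSA_WITH_SEED_CBC_SHA",
+[TLS_DH_DSS_WITH_SEED_CBC_SHA] = "TLS_DH_DSS_WITH_SEED_CBC_SHA",
+[TLS_DH_RSA_WITH_SEED_CBC_SHA] = "TLS_DH_RSA_WITH_SEED_CBC_SHA",
+[TLS_DHE_DSS_WITH_SEED_CBC_SHA] = "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
+[TLS_DHE_RSA_WITH_SEED_CBC_SHA] = "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
+[TLS_DH_ANON_WITH_SEED_CBC_SHA] = "TLS_DH_ANON_WITH_SEED_CBC_SHA",
+[TLS_RSA_WITH_AES_128_GCM_SHA256] = "TLS_RSA_WITH_AES_128_GCM_SHA256",
+[TLS_RSA_WITH_AES_256_GCM_SHA384] = "TLS_RSA_WITH_AES_256_GCM_SHA384",
+[TLS_DHE_RSA_WITH_AES_128_GCM_SHA256] = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
+[TLS_DHE_RSA_WITH_AES_256_GCM_SHA384] = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
+[TLS_DH_RSA_WITH_AES_128_GCM_SHA256] = "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
+[TLS_DH_RSA_WITH_AES_256_GCM_SHA384] = "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
+[TLS_DHE_DSS_WITH_AES_128_GCM_SHA256] = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
+[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384] = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
+[TLS_DH_DSS_WITH_AES_128_GCM_SHA256] = "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
+[TLS_DH_DSS_WITH_AES_256_GCM_SHA384] = "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
+[TLS_DH_ANON_WITH_AES_128_GCM_SHA256] = "TLS_DH_ANON_WITH_AES_128_GCM_SHA256",
+[TLS_DH_ANON_WITH_AES_256_GCM_SHA384] = "TLS_DH_ANON_WITH_AES_256_GCM_SHA384",
+[TLS_PSK_WITH_AES_128_GCM_SHA256] = "TLS_PSK_WITH_AES_128_GCM_SHA256",
+[TLS_PSK_WITH_AES_256_GCM_SHA384] = "TLS_PSK_WITH_AES_256_GCM_SHA384",
+[TLS_DHE_PSK_WITH_AES_128_GCM_SHA256] = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
+[TLS_DHE_PSK_WITH_AES_256_GCM_SHA384] = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
+[TLS_RSA_PSK_WITH_AES_128_GCM_SHA256] = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
+[TLS_RSA_PSK_WITH_AES_256_GCM_SHA384] = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
+[TLS_PSK_WITH_AES_128_CBC_SHA256] = "TLS_PSK_WITH_AES_128_CBC_SHA256",
+[TLS_PSK_WITH_AES_256_CBC_SHA384] = "TLS_PSK_WITH_AES_256_CBC_SHA384",
+[TLS_PSK_WITH_NULL_SHA256] = "TLS_PSK_WITH_NULL_SHA256",
+[TLS_PSK_WITH_NULL_SHA384] = "TLS_PSK_WITH_NULL_SHA384",
+[TLS_DHE_PSK_WITH_AES_128_CBC_SHA256] = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
+[TLS_DHE_PSK_WITH_AES_256_CBC_SHA384] = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
+[TLS_DHE_PSK_WITH_NULL_SHA256] = "TLS_DHE_PSK_WITH_NULL_SHA256",
+[TLS_DHE_PSK_WITH_NULL_SHA384] = "TLS_DHE_PSK_WITH_NULL_SHA384",
+[TLS_RSA_PSK_WITH_AES_128_CBC_SHA256] = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
+[TLS_RSA_PSK_WITH_AES_256_CBC_SHA384] = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
+[TLS_RSA_PSK_WITH_NULL_SHA256] = "TLS_RSA_PSK_WITH_NULL_SHA256",
+[TLS_RSA_PSK_WITH_NULL_SHA384] = "TLS_RSA_PSK_WITH_NULL_SHA384",
+[TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+[TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
+[TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
+[TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256",
+[TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+[TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
+[TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
+[TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256",
+[TLS_ECDH_ECDSA_WITH_NULL_SHA] = "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+[TLS_ECDH_ECDSA_WITH_RC4_128_SHA] = "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+[TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+[TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+[TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+[TLS_ECDHE_ECDSA_WITH_NULL_SHA] = "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+[TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] = "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+[TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+[TLS_ECDH_RSA_WITH_NULL_SHA] = "TLS_ECDH_RSA_WITH_NULL_SHA",
+[TLS_ECDH_RSA_WITH_RC4_128_SHA] = "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+[TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+[TLS_ECDH_RSA_WITH_AES_128_CBC_SHA] = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+[TLS_ECDH_RSA_WITH_AES_256_CBC_SHA] = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+[TLS_ECDHE_RSA_WITH_NULL_SHA] = "TLS_ECDHE_RSA_WITH_NULL_SHA",
+[TLS_ECDHE_RSA_WITH_RC4_128_SHA] = "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+[TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+[TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+[TLS_ECDH_ANON_WITH_NULL_SHA] = "TLS_ECDH_ANON_WITH_NULL_SHA",
+[TLS_ECDH_ANON_WITH_RC4_128_SHA] = "TLS_ECDH_ANON_WITH_RC4_128_SHA",
+[TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA",
+[TLS_ECDH_ANON_WITH_AES_128_CBC_SHA] = "TLS_ECDH_ANON_WITH_AES_128_CBC_SHA",
+[TLS_ECDH_ANON_WITH_AES_256_CBC_SHA] = "TLS_ECDH_ANON_WITH_AES_256_CBC_SHA",
+[TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
+[TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
+[TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
+[TLS_SRP_SHA_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
+[TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
+[TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
+[TLS_SRP_SHA_WITH_AES_256_CBC_SHA] = "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
+[TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
+[TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA] = "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
+[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+[TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
+[TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
+[TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+[TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
+[TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
+[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+[TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+[TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+[TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+[TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+[TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+[TLS_ECDHE_PSK_WITH_RC4_128_SHA] = "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
+[TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
+[TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
+[TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
+[TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
+[TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
+[TLS_ECDHE_PSK_WITH_NULL_SHA] = "TLS_ECDHE_PSK_WITH_NULL_SHA",
+[TLS_ECDHE_PSK_WITH_NULL_SHA256] = "TLS_ECDHE_PSK_WITH_NULL_SHA256",
+[TLS_ECDHE_PSK_WITH_NULL_SHA384] = "TLS_ECDHE_PSK_WITH_NULL_SHA384",
+[SSL_RSA_FIPS_WITH_DES_CBC_SHA] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA",
+[SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
+[SSL_RSA_FIPS_WITH_DES_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA_2",
+[SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2",
+} &default="UNKNOWN";
+
+const x509_errors: table[count] of string = {
+[0] = "X509_V_OK",
+[1] = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT",
+[2] = "X509_V_ERR_UNABLE_TO_GET_CRL",
+[3] = "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE",
+[4] = "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE",
+[5] = "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY",
+[6] = "X509_V_ERR_CERT_SIGNATURE_FAILURE",
+[7] = "X509_V_ERR_CRL_SIGNATURE_FAILURE",
+[8] = "X509_V_ERR_CERT_NOT_YET_VALID",
+[9] = "X509_V_ERR_CERT_HAS_EXPIRED",
+[10] = "X509_V_ERR_CRL_NOT_YET_VALID",
+[11] = "X509_V_ERR_CRL_HAS_EXPIRED",
+[12] = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD",
+[13] = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD",
+[14] = "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD",
+[15] = "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD",
+[16] = "X509_V_ERR_OUT_OF_MEM",
+[17] = "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
+[18] = "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN",
+[19] = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
+[20] = "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE",
+[21] = "X509_V_ERR_CERT_CHAIN_TOO_LONG",
+[22] = "X509_V_ERR_CERT_REVOKED",
+[23] = "X509_V_ERR_INVALID_CA",
+[24] = "X509_V_ERR_PATH_LENGTH_EXCEEDED",
+[25] = "X509_V_ERR_INVALID_PURPOSE",
+[26] = "X509_V_ERR_CERT_UNTRUSTED",
+[27] = "X509_V_ERR_CERT_REJECTED",
+[28] = "X509_V_ERR_SUBJECT_ISSUER_MISMATCH",
+[29] = "X509_V_ERR_AKID_SKID_MISMATCH",
+[30] = "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH",
+[31] = "X509_V_ERR_KEYUSAGE_NO_CERTSIGN",
+[32] = "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
+[33] = "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION"
+};
+
+}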
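--- a/policy/protocols/ssl/known-certs.bro
+++ b/policy/protocols/ssl/known-certs.bro
@@ -0,0 +1,60 @@
+
+@load protocols/ssl
+@load utils/directions-and-hosts
+
+module KnownCerts;
+
+export {
+redef enum Log::ID += { KNOWN_CERTS };
+
+type Info: record {
+## The timestamp when the certificate was detected.
+ts: time &log;
+## The address that offered the certificate.
+host: addr &log;
+## If the certificate was handed out by a server, this is the
+## port that the server was listening on.
+port_num: port &log &optional;
+## Certificate subject.
+subject: string &log &optional;
+## Certificate issuer subject.
+issuer_subject: string &log &optional;
+## Serial number for the certificate.
+serial: string &log &optional;
+};
+
+## The certificates whose existence should be logged and tracked.
+## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
+const asset_tracking = LOCAL_HOSTS &redef;
+
+## The set of all known certificates to store for preventing duplicate
+## logging. It can also be used from other scripts to
+## inspect if a certificate has been seen in use. The string value
+## in the set is for storing the certificate's serial number.
+global known_certs: set[addr, string] &create_expire=1day &synchronized &redef;
+
+global log_known_certs: event(rec: Info);
+}
+
+event bro_init()
+{
+Log::create_stream(KNOWN_CERTS, [$columns=Info, $ev=log_known_certs]);
+}
+
+event x509_certificate(c: connection, cert: X509, is_server: bool, chain_idx: count, chain_len: count, der_cert: string)
+{
+# We aren't tracking client certificates yet.
+if ( ! is_server ) return;
+# We are also only tracking the primary cert.
+if ( chain_idx != 0 ) return;
+
+local host = c$id$resp_h;
+if ( [host, cert$serial] !in known_certs && addr_matches_host(host, asset_tracking) )
+{
+add known_certs[host, cert$serial];
+Log::write(KNOWN_CERTS, [$ts=network_time(), $host=host,
+$port_num=c$id$resp_p, $subject=cert$subject,
+$issuer_subject=cert$issuer,
+$serial=cert$serial]);
+}
+}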
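Review bot: The de-duplication key `[host, cert$serial]` in the `x509_certificate` handler (and the matching `known_certs` declaration in the export block) identifies a certificate by the offering host and serial number alone, but serial numbers are only unique per issuer, so a different certificate presented by the same host with a colliding serial is silently treated as already known and never logged. Since `cert$issuer` is already read for the log record, include it in the key: `global known_certs: set[addr, string, string] &create_expire=1day &synchronized &redef;`, `if ( [host, cert$issuer, cert$serial] !in known_certs && addr_matches_host(host, asset_tracking) )`, `add known_certs[host, cert$issuer, cert$serial];`. The doc comment on `known_certs`, which says the string value is the serial number, would then need to describe the issuer and serial pair. Keying on a digest of the currently unused `der_cert` argument would be stronger still, since it also distinguishes certificates whose issuer and serial fields match but whose content differs.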
140
policy/protocols/ssl/mozilla-ca-list.bro
Normal file
140
policy/protocols/ssl/mozilla-ca-list.bro
Normal file
File diff suppressed because one or more lines are too long
|
@ -1,691 +0,0 @@
|
|||
module SSL;
|
||||
|
||||
## SSLv2
|
||||
const SSLv20_CK_RC4_128_WITH_MD5 = 0x010080;
|
||||
const SSLv20_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080;
|
||||
const SSLv20_CK_RC2_128_CBC_WITH_MD5 = 0x030080;
|
||||
const SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080;
|
||||
const SSLv20_CK_IDEA_128_CBC_WITH_MD5 = 0x050080;
|
||||
const SSLv20_CK_DES_64_CBC_WITH_MD5 = 0x060040;
|
||||
const SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0;
|
||||
|
||||
## TLS
|
||||
const TLS_NULL_WITH_NULL_NULL = 0x0000;
|
||||
const TLS_RSA_WITH_NULL_MD5 = 0x0001;
|
||||
const TLS_RSA_WITH_NULL_SHA = 0x0002;
|
||||
const TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003;
|
||||
const TLS_RSA_WITH_RC4_128_MD5 = 0x0004;
|
||||
const TLS_RSA_WITH_RC4_128_SHA = 0x0005;
|
||||
const TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006;
|
||||
const TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007;
|
||||
const TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008;
|
||||
const TLS_RSA_WITH_DES_CBC_SHA = 0x0009;
|
||||
const TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A;
|
||||
const TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B;
|
||||
const TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C;
|
||||
const TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D;
|
||||
const TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E;
|
||||
const TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F;
|
||||
const TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010;
|
||||
const TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011;
|
||||
const TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012;
|
||||
const TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013;
|
||||
const TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014;
|
||||
const TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015;
|
||||
const TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016;
|
||||
const TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017;
|
||||
const TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018;
|
||||
const TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019;
|
||||
const TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A;
|
||||
const TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B;
|
||||
const SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C;
|
||||
const SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D;
|
||||
const TLS_KRB5_WITH_DES_CBC_SHA = 0x001E;
|
||||
const TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F;
|
||||
const TLS_KRB5_WITH_RC4_128_SHA = 0x0020;
|
||||
const TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021;
|
||||
const TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022;
|
||||
const TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023;
|
||||
const TLS_KRB5_WITH_RC4_128_MD5 = 0x0024;
|
||||
const TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025;
|
||||
const TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026;
|
||||
const TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027;
|
||||
const TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028;
|
||||
const TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029;
|
||||
const TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A;
|
||||
const TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B;
|
||||
const TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F;
|
||||
const TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030;
|
||||
const TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031;
|
||||
const TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032;
|
||||
const TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033;
|
||||
const TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034;
|
||||
const TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035;
|
||||
const TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036;
|
||||
const TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037;
|
||||
const TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038;
|
||||
const TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039;
|
||||
const TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A;
|
||||
const TLS_RSA_WITH_NULL_SHA256 = 0x003B;
|
||||
const TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C;
|
||||
const TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D;
|
||||
const TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E;
|
||||
const TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F;
|
||||
const TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040;
|
||||
const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041;
|
||||
const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042;
|
||||
const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043;
|
||||
const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044;
|
||||
const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045;
|
||||
const TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046;
|
||||
const TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060;
|
||||
const TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061;
|
||||
const TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062;
|
||||
const TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063;
|
||||
const TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064;
|
||||
const TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065;
|
||||
const TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066;
|
||||
const TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067;
|
||||
const TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068;
|
||||
const TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069;
|
||||
const TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A;
|
||||
const TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B;
|
||||
const TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C;
|
||||
const TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D;
|
||||
const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084;
|
||||
const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085;
|
||||
const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086;
|
||||
const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087;
|
||||
const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088;
|
||||
const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089;
|
||||
const TLS_PSK_WITH_RC4_128_SHA = 0x008A;
|
||||
const TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B;
|
||||
const TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C;
|
||||
const TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D;
|
||||
const TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E;
|
||||
const TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F;
|
||||
const TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090;
|
||||
const TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091;
|
||||
const TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092;
|
||||
const TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093;
|
||||
const TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094;
|
||||
const TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095;
|
||||
const TLS_RSA_WITH_SEED_CBC_SHA = 0x0096;
|
||||
const TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097;
|
||||
const TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098;
|
||||
const TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099;
|
||||
const TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A;
|
||||
const TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B;
|
||||
const TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C;
|
||||
const TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D;
|
||||
const TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E;
|
||||
const TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F;
|
||||
const TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0;
|
||||
const TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1;
|
||||
const TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2;
|
||||
const TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3;
|
||||
const TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4;
|
||||
const TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5;
|
||||
const TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6;
|
||||
const TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7;
|
||||
const TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8;
|
||||
const TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9;
|
||||
const TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA;
|
||||
const TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB;
|
||||
const TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC;
|
||||
const TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD;
|
||||
const TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE;
|
||||
const TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF;
|
||||
const TLS_PSK_WITH_NULL_SHA256 = 0x00B0;
|
||||
const TLS_PSK_WITH_NULL_SHA384 = 0x00B1;
|
||||
const TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2;
|
||||
const TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3;
|
||||
const TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4;
|
||||
const TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5;
|
||||
const TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6;
|
||||
const TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7;
|
||||
const TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8;
|
||||
const TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9;
|
||||
const TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA;
|
||||
const TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB;
|
||||
const TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC;
|
||||
const TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD;
|
||||
const TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE;
|
||||
const TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF;
|
||||
const TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0;
|
||||
const TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1;
|
||||
const TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2;
|
||||
const TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3;
|
||||
const TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4;
|
||||
const TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5;
|
||||
const TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001;
|
||||
const TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002;
|
||||
const TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003;
|
||||
const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004;
|
||||
const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005;
|
||||
const TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006;
|
||||
const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007;
|
||||
const TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008;
|
||||
const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009;
|
||||
const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A;
|
||||
const TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B;
|
||||
const TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C;
|
||||
const TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D;
|
||||
const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E;
|
||||
const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F;
|
||||
const TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010;
|
||||
const TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011;
|
||||
const TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012;
|
||||
const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013;
|
||||
const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014;
|
||||
const TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015;
|
||||
const TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016;
|
||||
const TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017;
|
||||
const TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018;
|
||||
const TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019;
|
||||
const TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A;
|
||||
const TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B;
|
||||
const TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C;
|
||||
const TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D;
|
||||
const TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E;
|
||||
const TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F;
|
||||
const TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020;
|
||||
const TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021;
|
||||
const TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022;
|
||||
const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023;
|
||||
const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024;
|
||||
const TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025;
|
||||
const TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026;
|
||||
const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027;
|
||||
const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028;
|
||||
const TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029;
|
||||
const TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A;
|
||||
const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B;
|
||||
const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C;
|
||||
const TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D;
|
||||
const TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E;
|
||||
const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F;
|
||||
const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030;
|
||||
const TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031;
|
||||
const TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032;
|
||||
const TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033;
|
||||
const TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034;
|
||||
const TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035;
|
||||
const TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036;
|
||||
const TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037;
|
||||
const TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038;
|
||||
const TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039;
|
||||
const TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A;
|
||||
const TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B;
|
||||
const SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE;
|
||||
const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF;
|
||||
const SSL_RSA_FIPS_WITH_DES_CBC_SHA_2 = 0xFFE1;
|
||||
const SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2 = 0xFFE0;
|
||||
const SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80;
|
||||
const SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81;
|
||||
const SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82;
|
||||
const SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83;
|
||||
const TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF;
|
||||
|
||||
|
||||
# Cipher specifications native to TLS can be included in Version 2.0 client
|
||||
# hello messages using the syntax below. Any V2CipherSpec element with its
|
||||
# first byte equal to zero will be ignored by Version 2.0 servers. Clients
|
||||
# sending any of the above V2CipherSpecs should also include the TLS equivalent
|
||||
# (see Appendix A.5):
|
||||
# V2CipherSpec (see TLS name) = { 0x00, CipherSuite };
|
||||
|
||||
|
||||
# --- This is a table of all known cipher specs.
|
||||
# --- It can be used for detecting unknown ciphers and for
|
||||
# --- converting the cipher spec constants into a human readable format.
|
||||
|
||||
const ssl_cipher_desc: table[count] of string = {
|
||||
# --- sslv20 ---
|
||||
[SSLv20_CK_RC4_128_EXPORT40_WITH_MD5] =
|
||||
"SSLv20_CK_RC4_128_EXPORT40_WITH_MD5",
|
||||
[SSLv20_CK_RC4_128_WITH_MD5] = "SSLv20_CK_RC4_128_WITH_MD5",
|
||||
[SSLv20_CK_RC2_128_CBC_WITH_MD5] = "SSLv20_CK_RC2_128_CBC_WITH_MD5",
|
||||
[SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5] =
|
||||
"SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
|
||||
[SSLv20_CK_IDEA_128_CBC_WITH_MD5] = "SSLv20_CK_IDEA_128_CBC_WITH_MD5",
|
||||
[SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5] =
|
||||
"SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5",
|
||||
[SSLv20_CK_DES_64_CBC_WITH_MD5] = "SSLv20_CK_DES_64_CBC_WITH_MD5",
|
||||
|
||||
# --- TLS ---
|
||||
[TLS_NULL_WITH_NULL_NULL] = "TLS_NULL_WITH_NULL_NULL",
|
||||
[TLS_RSA_WITH_NULL_MD5] = "TLS_RSA_WITH_NULL_MD5",
|
||||
[TLS_RSA_WITH_NULL_SHA] = "TLS_RSA_WITH_NULL_SHA",
|
||||
[TLS_RSA_EXPORT_WITH_RC4_40_MD5] = "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
|
||||
[TLS_RSA_WITH_RC4_128_MD5] = "TLS_RSA_WITH_RC4_128_MD5",
|
||||
[TLS_RSA_WITH_RC4_128_SHA] = "TLS_RSA_WITH_RC4_128_SHA",
|
||||
[TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5] = "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
|
||||
[TLS_RSA_WITH_IDEA_CBC_SHA] = "TLS_RSA_WITH_IDEA_CBC_SHA",
|
||||
[TLS_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
||||
[TLS_RSA_WITH_DES_CBC_SHA] = "TLS_RSA_WITH_DES_CBC_SHA",
|
||||
[TLS_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
|
||||
[TLS_DH_DSS_WITH_DES_CBC_SHA] = "TLS_DH_DSS_WITH_DES_CBC_SHA",
|
||||
[TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
||||
[TLS_DH_RSA_WITH_DES_CBC_SHA] = "TLS_DH_RSA_WITH_DES_CBC_SHA",
|
||||
[TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
|
||||
[TLS_DHE_DSS_WITH_DES_CBC_SHA] = "TLS_DHE_DSS_WITH_DES_CBC_SHA",
|
||||
[TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
||||
[TLS_DHE_RSA_WITH_DES_CBC_SHA] = "TLS_DHE_RSA_WITH_DES_CBC_SHA",
|
||||
[TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5] = "TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5",
|
||||
[TLS_DH_ANON_WITH_RC4_128_MD5] = "TLS_DH_ANON_WITH_RC4_128_MD5",
|
||||
[TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA] = "TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA",
|
||||
[TLS_DH_ANON_WITH_DES_CBC_SHA] = "TLS_DH_ANON_WITH_DES_CBC_SHA",
|
||||
[TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA] = "TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA",
|
||||
[SSL_FORTEZZA_KEA_WITH_NULL_SHA] = "SSL_FORTEZZA_KEA_WITH_NULL_SHA",
|
||||
[SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA] = "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA",
|
||||
[TLS_KRB5_WITH_DES_CBC_SHA] = "TLS_KRB5_WITH_DES_CBC_SHA",
|
||||
[TLS_KRB5_WITH_3DES_EDE_CBC_SHA] = "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_KRB5_WITH_RC4_128_SHA] = "TLS_KRB5_WITH_RC4_128_SHA",
|
||||
[TLS_KRB5_WITH_IDEA_CBC_SHA] = "TLS_KRB5_WITH_IDEA_CBC_SHA",
|
||||
[TLS_KRB5_WITH_DES_CBC_MD5] = "TLS_KRB5_WITH_DES_CBC_MD5",
|
||||
[TLS_KRB5_WITH_3DES_EDE_CBC_MD5] = "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
|
||||
[TLS_KRB5_WITH_RC4_128_MD5] = "TLS_KRB5_WITH_RC4_128_MD5",
|
||||
[TLS_KRB5_WITH_IDEA_CBC_MD5] = "TLS_KRB5_WITH_IDEA_CBC_MD5",
|
||||
[TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA] = "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
|
||||
[TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA] = "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
|
||||
[TLS_KRB5_EXPORT_WITH_RC4_40_SHA] = "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
|
||||
[TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5] = "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
|
||||
[TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5] = "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
|
||||
[TLS_KRB5_EXPORT_WITH_RC4_40_MD5] = "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
|
||||
[TLS_RSA_WITH_AES_128_CBC_SHA] = "TLS_RSA_WITH_AES_128_CBC_SHA",
|
||||
[TLS_DH_DSS_WITH_AES_128_CBC_SHA] = "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
|
||||
[TLS_DH_RSA_WITH_AES_128_CBC_SHA] = "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
|
||||
[TLS_DHE_DSS_WITH_AES_128_CBC_SHA] = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
|
||||
[TLS_DHE_RSA_WITH_AES_128_CBC_SHA] = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
|
||||
[TLS_DH_ANON_WITH_AES_128_CBC_SHA] = "TLS_DH_ANON_WITH_AES_128_CBC_SHA",
|
||||
[TLS_RSA_WITH_AES_256_CBC_SHA] = "TLS_RSA_WITH_AES_256_CBC_SHA",
|
||||
[TLS_DH_DSS_WITH_AES_256_CBC_SHA] = "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
|
||||
[TLS_DH_RSA_WITH_AES_256_CBC_SHA] = "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
|
||||
[TLS_DHE_DSS_WITH_AES_256_CBC_SHA] = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
|
||||
[TLS_DHE_RSA_WITH_AES_256_CBC_SHA] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
|
||||
[TLS_DH_ANON_WITH_AES_256_CBC_SHA] = "TLS_DH_ANON_WITH_AES_256_CBC_SHA",
|
||||
[TLS_RSA_WITH_NULL_SHA256] = "TLS_RSA_WITH_NULL_SHA256",
|
||||
[TLS_RSA_WITH_AES_128_CBC_SHA256] = "TLS_RSA_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_RSA_WITH_AES_256_CBC_SHA256] = "TLS_RSA_WITH_AES_256_CBC_SHA256",
|
||||
[TLS_DH_DSS_WITH_AES_128_CBC_SHA256] = "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_DH_RSA_WITH_AES_128_CBC_SHA256] = "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_DHE_DSS_WITH_AES_128_CBC_SHA256] = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
|
||||
[TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
|
||||
[TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
|
||||
[TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
|
||||
[TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
|
||||
[TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA] = "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA",
|
||||
[TLS_RSA_EXPORT1024_WITH_RC4_56_MD5] = "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
|
||||
[TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5] = "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5",
|
||||
[TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA] = "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
|
||||
[TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA] = "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
|
||||
[TLS_RSA_EXPORT1024_WITH_RC4_56_SHA] = "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
|
||||
[TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA] = "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
|
||||
[TLS_DHE_DSS_WITH_RC4_128_SHA] = "TLS_DHE_DSS_WITH_RC4_128_SHA",
|
||||
[TLS_DHE_RSA_WITH_AES_128_CBC_SHA256] = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_DH_DSS_WITH_AES_256_CBC_SHA256] = "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
|
||||
[TLS_DH_RSA_WITH_AES_256_CBC_SHA256] = "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
|
||||
[TLS_DHE_DSS_WITH_AES_256_CBC_SHA256] = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
|
||||
[TLS_DHE_RSA_WITH_AES_256_CBC_SHA256] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
|
||||
[TLS_DH_ANON_WITH_AES_128_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_DH_ANON_WITH_AES_256_CBC_SHA256] = "TLS_DH_ANON_WITH_AES_256_CBC_SHA256",
|
||||
[TLS_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
|
||||
[TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
|
||||
[TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
|
||||
[TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
|
||||
[TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
|
||||
[TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA] = "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA",
|
||||
[TLS_PSK_WITH_RC4_128_SHA] = "TLS_PSK_WITH_RC4_128_SHA",
|
||||
[TLS_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_PSK_WITH_AES_128_CBC_SHA] = "TLS_PSK_WITH_AES_128_CBC_SHA",
|
||||
[TLS_PSK_WITH_AES_256_CBC_SHA] = "TLS_PSK_WITH_AES_256_CBC_SHA",
|
||||
[TLS_DHE_PSK_WITH_RC4_128_SHA] = "TLS_DHE_PSK_WITH_RC4_128_SHA",
|
||||
[TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_DHE_PSK_WITH_AES_128_CBC_SHA] = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
|
||||
[TLS_DHE_PSK_WITH_AES_256_CBC_SHA] = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
|
||||
[TLS_RSA_PSK_WITH_RC4_128_SHA] = "TLS_RSA_PSK_WITH_RC4_128_SHA",
|
||||
[TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_RSA_PSK_WITH_AES_128_CBC_SHA] = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
|
||||
[TLS_RSA_PSK_WITH_AES_256_CBC_SHA] = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
|
||||
[TLS_RSA_WITH_SEED_CBC_SHA] = "TLS_RSA_WITH_SEED_CBC_SHA",
|
||||
[TLS_DH_DSS_WITH_SEED_CBC_SHA] = "TLS_DH_DSS_WITH_SEED_CBC_SHA",
|
||||
[TLS_DH_RSA_WITH_SEED_CBC_SHA] = "TLS_DH_RSA_WITH_SEED_CBC_SHA",
|
||||
[TLS_DHE_DSS_WITH_SEED_CBC_SHA] = "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
|
||||
[TLS_DHE_RSA_WITH_SEED_CBC_SHA] = "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
|
||||
[TLS_DH_ANON_WITH_SEED_CBC_SHA] = "TLS_DH_ANON_WITH_SEED_CBC_SHA",
|
||||
[TLS_RSA_WITH_AES_128_GCM_SHA256] = "TLS_RSA_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_RSA_WITH_AES_256_GCM_SHA384] = "TLS_RSA_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_DHE_RSA_WITH_AES_128_GCM_SHA256] = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_DHE_RSA_WITH_AES_256_GCM_SHA384] = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_DH_RSA_WITH_AES_128_GCM_SHA256] = "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_DH_RSA_WITH_AES_256_GCM_SHA384] = "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_DHE_DSS_WITH_AES_128_GCM_SHA256] = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_DHE_DSS_WITH_AES_256_GCM_SHA384] = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_DH_DSS_WITH_AES_128_GCM_SHA256] = "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_DH_DSS_WITH_AES_256_GCM_SHA384] = "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_DH_ANON_WITH_AES_128_GCM_SHA256] = "TLS_DH_ANON_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_DH_ANON_WITH_AES_256_GCM_SHA384] = "TLS_DH_ANON_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_PSK_WITH_AES_128_GCM_SHA256] = "TLS_PSK_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_PSK_WITH_AES_256_GCM_SHA384] = "TLS_PSK_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_DHE_PSK_WITH_AES_128_GCM_SHA256] = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_DHE_PSK_WITH_AES_256_GCM_SHA384] = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_RSA_PSK_WITH_AES_128_GCM_SHA256] = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_RSA_PSK_WITH_AES_256_GCM_SHA384] = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_PSK_WITH_AES_128_CBC_SHA256] = "TLS_PSK_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_PSK_WITH_AES_256_CBC_SHA384] = "TLS_PSK_WITH_AES_256_CBC_SHA384",
|
||||
[TLS_PSK_WITH_NULL_SHA256] = "TLS_PSK_WITH_NULL_SHA256",
|
||||
[TLS_PSK_WITH_NULL_SHA384] = "TLS_PSK_WITH_NULL_SHA384",
|
||||
[TLS_DHE_PSK_WITH_AES_128_CBC_SHA256] = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_DHE_PSK_WITH_AES_256_CBC_SHA384] = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
|
||||
[TLS_DHE_PSK_WITH_NULL_SHA256] = "TLS_DHE_PSK_WITH_NULL_SHA256",
|
||||
[TLS_DHE_PSK_WITH_NULL_SHA384] = "TLS_DHE_PSK_WITH_NULL_SHA384",
|
||||
[TLS_RSA_PSK_WITH_AES_128_CBC_SHA256] = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_RSA_PSK_WITH_AES_256_CBC_SHA384] = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
|
||||
[TLS_RSA_PSK_WITH_NULL_SHA256] = "TLS_RSA_PSK_WITH_NULL_SHA256",
|
||||
[TLS_RSA_PSK_WITH_NULL_SHA384] = "TLS_RSA_PSK_WITH_NULL_SHA384",
|
||||
[TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
|
||||
[TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
|
||||
[TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
|
||||
[TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
|
||||
[TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
|
||||
[TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256] = "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256",
|
||||
[TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
|
||||
[TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
|
||||
[TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
|
||||
[TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
|
||||
[TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
|
||||
[TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256] = "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256",
|
||||
[TLS_ECDH_ECDSA_WITH_NULL_SHA] = "TLS_ECDH_ECDSA_WITH_NULL_SHA",
|
||||
[TLS_ECDH_ECDSA_WITH_RC4_128_SHA] = "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
|
||||
[TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
|
||||
[TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA] = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
|
||||
[TLS_ECDHE_ECDSA_WITH_NULL_SHA] = "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
|
||||
[TLS_ECDHE_ECDSA_WITH_RC4_128_SHA] = "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
|
||||
[TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
|
||||
[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
|
||||
[TLS_ECDH_RSA_WITH_NULL_SHA] = "TLS_ECDH_RSA_WITH_NULL_SHA",
|
||||
[TLS_ECDH_RSA_WITH_RC4_128_SHA] = "TLS_ECDH_RSA_WITH_RC4_128_SHA",
|
||||
[TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_ECDH_RSA_WITH_AES_128_CBC_SHA] = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
|
||||
[TLS_ECDH_RSA_WITH_AES_256_CBC_SHA] = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
|
||||
[TLS_ECDHE_RSA_WITH_NULL_SHA] = "TLS_ECDHE_RSA_WITH_NULL_SHA",
|
||||
[TLS_ECDHE_RSA_WITH_RC4_128_SHA] = "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
|
||||
[TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
|
||||
[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
|
||||
[TLS_ECDH_ANON_WITH_NULL_SHA] = "TLS_ECDH_ANON_WITH_NULL_SHA",
|
||||
[TLS_ECDH_ANON_WITH_RC4_128_SHA] = "TLS_ECDH_ANON_WITH_RC4_128_SHA",
|
||||
[TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_ECDH_ANON_WITH_AES_128_CBC_SHA] = "TLS_ECDH_ANON_WITH_AES_128_CBC_SHA",
|
||||
[TLS_ECDH_ANON_WITH_AES_256_CBC_SHA] = "TLS_ECDH_ANON_WITH_AES_256_CBC_SHA",
|
||||
[TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA] = "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_SRP_SHA_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
|
||||
[TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
|
||||
[TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA] = "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
|
||||
[TLS_SRP_SHA_WITH_AES_256_CBC_SHA] = "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
|
||||
[TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA] = "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
|
||||
[TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA] = "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
|
||||
[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
|
||||
[TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
|
||||
[TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
|
||||
[TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256] = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384] = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
|
||||
[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256] = "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
|
||||
[TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384] = "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
|
||||
[TLS_ECDHE_PSK_WITH_RC4_128_SHA] = "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
|
||||
[TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA] = "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA",
|
||||
[TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA",
|
||||
[TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA",
|
||||
[TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",
|
||||
[TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384",
|
||||
[TLS_ECDHE_PSK_WITH_NULL_SHA] = "TLS_ECDHE_PSK_WITH_NULL_SHA",
|
||||
[TLS_ECDHE_PSK_WITH_NULL_SHA256] = "TLS_ECDHE_PSK_WITH_NULL_SHA256",
|
||||
[TLS_ECDHE_PSK_WITH_NULL_SHA384] = "TLS_ECDHE_PSK_WITH_NULL_SHA384",
|
||||
[SSL_RSA_FIPS_WITH_DES_CBC_SHA] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA",
|
||||
[SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
|
||||
[SSL_RSA_FIPS_WITH_DES_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA_2",
|
||||
[SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2",
|
||||
} &default="UNKNOWN";
|
||||
|
||||
|
||||
# --- the following sets are provided for convenience
|
||||
|
||||
# --- this set holds all EXPORT ciphers
|
||||
const ssl_cipherset_EXPORT: set[count] = {
|
||||
SSLv20_CK_RC4_128_EXPORT40_WITH_MD5,
|
||||
SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
|
||||
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
|
||||
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
||||
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
|
||||
TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
|
||||
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
|
||||
TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
|
||||
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
|
||||
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,
|
||||
TLS_KRB5_EXPORT_WITH_RC4_40_MD5,
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_MD5,
|
||||
TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
|
||||
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
||||
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
|
||||
};
|
||||
|
||||
# --- this set holds all DES ciphers
|
||||
const ssl_cipherset_DES: set[count] = {
|
||||
SSLv20_CK_DES_64_CBC_WITH_MD5,
|
||||
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_RSA_WITH_DES_CBC_SHA,
|
||||
TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_DH_DSS_WITH_DES_CBC_SHA,
|
||||
TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_DH_RSA_WITH_DES_CBC_SHA,
|
||||
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_DES_CBC_SHA,
|
||||
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
||||
TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
|
||||
TLS_DH_ANON_WITH_DES_CBC_SHA,
|
||||
TLS_KRB5_WITH_DES_CBC_SHA,
|
||||
TLS_KRB5_WITH_DES_CBC_MD5,
|
||||
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
|
||||
TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
|
||||
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
SSL_RSA_FIPS_WITH_DES_CBC_SHA,
|
||||
SSL_RSA_FIPS_WITH_DES_CBC_SHA_2,
|
||||
};
|
||||
|
||||
|
||||
# --- this set holds all 3DES ciphers
|
||||
const ssl_cipherset_3DES: set[count] = {
|
||||
SSLv20_CK_DES_192_EDE3_CBC_WITH_MD5,
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_KRB5_WITH_3DES_EDE_CBC_MD5,
|
||||
TLS_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
|
||||
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA_2,
|
||||
};
|
||||
|
||||
# --- this set holds all RC2 ciphers
|
||||
const ssl_cipherset_RC2: set[count] = {
|
||||
SSLv20_CK_RC2_128_CBC_WITH_MD5,
|
||||
SSLv20_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
|
||||
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
||||
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
|
||||
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,
|
||||
TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
|
||||
};
|
||||
|
||||
# --- this set holds all RC4 ciphers
|
||||
const ssl_cipherset_RC4: set[count] = {
|
||||
SSLv20_CK_RC4_128_WITH_MD5,
|
||||
SSLv20_CK_RC4_128_EXPORT40_WITH_MD5,
|
||||
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
|
||||
TLS_RSA_WITH_RC4_128_MD5,
|
||||
TLS_RSA_WITH_RC4_128_SHA,
|
||||
TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
|
||||
TLS_DH_ANON_WITH_RC4_128_MD5,
|
||||
TLS_KRB5_WITH_RC4_128_SHA,
|
||||
TLS_KRB5_WITH_RC4_128_MD5,
|
||||
TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
|
||||
TLS_KRB5_EXPORT_WITH_RC4_40_MD5,
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_MD5,
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
||||
TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
|
||||
TLS_DHE_DSS_WITH_RC4_128_SHA,
|
||||
TLS_PSK_WITH_RC4_128_SHA,
|
||||
TLS_DHE_PSK_WITH_RC4_128_SHA,
|
||||
TLS_RSA_PSK_WITH_RC4_128_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
TLS_ECDH_ANON_WITH_RC4_128_SHA,
|
||||
TLS_ECDHE_PSK_WITH_RC4_128_SHA,
|
||||
};
|
||||
|
||||
# --- this set holds all IDEA ciphers
|
||||
const ssl_cipherset_IDEA: set[count] = {
|
||||
SSLv20_CK_IDEA_128_CBC_WITH_MD5,
|
||||
TLS_RSA_WITH_IDEA_CBC_SHA,
|
||||
TLS_KRB5_WITH_IDEA_CBC_SHA,
|
||||
TLS_KRB5_WITH_IDEA_CBC_MD5
|
||||
};
|
||||
|
||||
# --- this set holds all AES ciphers
|
||||
const ssl_cipherset_AES: set[count] = {
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_DH_DSS_WITH_AES_128_CBC_SHA,
|
||||
TLS_DH_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_DH_ANON_WITH_AES_128_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_DH_DSS_WITH_AES_256_CBC_SHA,
|
||||
TLS_DH_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_DH_ANON_WITH_AES_256_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||
TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
|
||||
TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
|
||||
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
|
||||
TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
|
||||
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
|
||||
TLS_DH_ANON_WITH_AES_128_CBC_SHA256,
|
||||
TLS_DH_ANON_WITH_AES_256_CBC_SHA256,
|
||||
TLS_PSK_WITH_AES_128_CBC_SHA,
|
||||
TLS_PSK_WITH_AES_256_CBC_SHA,
|
||||
TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
|
||||
TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
|
||||
TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
|
||||
TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
|
||||
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
|
||||
TLS_DH_DSS_WITH_AES_128_GCM_SHA256,
|
||||
TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
|
||||
TLS_DH_ANON_WITH_AES_128_GCM_SHA256,
|
||||
TLS_DH_ANON_WITH_AES_256_GCM_SHA384,
|
||||
TLS_PSK_WITH_AES_128_GCM_SHA256,
|
||||
TLS_PSK_WITH_AES_256_GCM_SHA384,
|
||||
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
|
||||
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
||||
TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
|
||||
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
|
||||
TLS_PSK_WITH_AES_128_CBC_SHA256,
|
||||
TLS_PSK_WITH_AES_256_CBC_SHA384,
|
||||
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
|
||||
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDH_ANON_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDH_ANON_WITH_AES_256_CBC_SHA,
|
||||
TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
|
||||
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
|
||||
TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
|
||||
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
|
||||
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
|
||||
};
|
|
@ -1,74 +0,0 @@
|
|||
# $Id: ssl-errors.bro 6 2004-04-30 00:31:26Z jason $
|
||||
|
||||
# --- const defns of error messages
|
||||
const X509_V_OK = +0;
|
||||
const X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = +1;
|
||||
const X509_V_ERR_UNABLE_TO_GET_CRL = +2;
|
||||
const X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE = +3;
|
||||
const X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE = +4;
|
||||
const X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY = +5;
|
||||
const X509_V_ERR_CERT_SIGNATURE_FAILURE = +6;
|
||||
const X509_V_ERR_CRL_SIGNATURE_FAILURE = +7;
|
||||
const X509_V_ERR_CERT_NOT_YET_VALID = +8;
|
||||
const X509_V_ERR_CERT_HAS_EXPIRED = +9;
|
||||
const X509_V_ERR_CRL_NOT_YET_VALID = +10;
|
||||
const X509_V_ERR_CRL_HAS_EXPIRED = +11;
|
||||
const X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = +12;
|
||||
const X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = +13;
|
||||
const X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD = +14;
|
||||
const X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD = +15;
|
||||
const X509_V_ERR_OUT_OF_MEM = +16;
|
||||
const X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = +17;
|
||||
const X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN = +18;
|
||||
const X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY = +19;
|
||||
const X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE = +20;
|
||||
const X509_V_ERR_CERT_CHAIN_TOO_LONG = +21;
|
||||
const X509_V_ERR_CERT_REVOKED = +22;
|
||||
const X509_V_ERR_INVALID_CA = +23;
|
||||
const X509_V_ERR_PATH_LENGTH_EXCEEDED = +24;
|
||||
const X509_V_ERR_INVALID_PURPOSE = +25;
|
||||
const X509_V_ERR_CERT_UNTRUSTED = +26;
|
||||
const X509_V_ERR_CERT_REJECTED = +27;
|
||||
const X509_V_ERR_SUBJECT_ISSUER_MISMATCH = +28;
|
||||
const X509_V_ERR_AKID_SKID_MISMATCH = +29;
|
||||
const X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH = +30;
|
||||
const X509_V_ERR_KEYUSAGE_NO_CERTSIGN = +31;
|
||||
const X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER = +32;
|
||||
const X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION = +33;
|
||||
|
||||
const x509_errors: table[int] of string = {
|
||||
[+0] = "X509_V_OK",
|
||||
[+1] = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT",
|
||||
[+2] = "X509_V_ERR_UNABLE_TO_GET_CRL",
|
||||
[+3] = "X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE",
|
||||
[+4] = "X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE",
|
||||
[+5] = "X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY",
|
||||
[+6] = "X509_V_ERR_CERT_SIGNATURE_FAILURE",
|
||||
[+7] = "X509_V_ERR_CRL_SIGNATURE_FAILURE",
|
||||
[+8] = "X509_V_ERR_CERT_NOT_YET_VALID",
|
||||
[+9] = "X509_V_ERR_CERT_HAS_EXPIRED",
|
||||
[+10] = "X509_V_ERR_CRL_NOT_YET_VALID",
|
||||
[+11] = "X509_V_ERR_CRL_HAS_EXPIRED",
|
||||
[+12] = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD",
|
||||
[+13] = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD",
|
||||
[+14] = "X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD",
|
||||
[+15] = "X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD",
|
||||
[+16] = "X509_V_ERR_OUT_OF_MEM",
|
||||
[+17] = "X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT",
|
||||
[+18] = "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN",
|
||||
[+19] = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
|
||||
[+20] = "X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE",
|
||||
[+21] = "X509_V_ERR_CERT_CHAIN_TOO_LONG",
|
||||
[+22] = "X509_V_ERR_CERT_REVOKED",
|
||||
[+23] = "X509_V_ERR_INVALID_CA",
|
||||
[+24] = "X509_V_ERR_PATH_LENGTH_EXCEEDED",
|
||||
[+25] = "X509_V_ERR_INVALID_PURPOSE",
|
||||
[+26] = "X509_V_ERR_CERT_UNTRUSTED",
|
||||
[+27] = "X509_V_ERR_CERT_REJECTED",
|
||||
[+28] = "X509_V_ERR_SUBJECT_ISSUER_MISMATCH",
|
||||
[+29] = "X509_V_ERR_AKID_SKID_MISMATCH",
|
||||
[+30] = "X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH",
|
||||
[+31] = "X509_V_ERR_KEYUSAGE_NO_CERTSIGN",
|
||||
[+32] = "X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER",
|
||||
[+33] = "X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION"
|
||||
};
|
|
@ -50,9 +50,9 @@ export {
|
|||
handshake_cipher: string &default=""; # agreed-upon cipher for session/conn.
|
||||
};
|
||||
|
||||
# Certificates presented by which hosts to record.
|
||||
# Choices are: LocalHosts, RemoteHosts, Enabled, Disabled
|
||||
const logging = LocalHosts &redef;
|
||||
## Certificates presented by which hosts to record.
|
||||
## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
|
||||
const asset_tracking = default_asset_tracking &redef;
|
||||
|
||||
# If set to T, this will split local and remote certs
|
||||
# into separate files. F merges everything into a single file.
|
|
@ -11,5 +11,7 @@
|
|||
redef Notice::ignored_types += {
|
||||
Weird::ContentGap,
|
||||
Weird::AckAboveHole,
|
||||
DPD::ProtocolViolation
|
||||
Weird::RetransmissionInconsistency,
|
||||
Weird::WeirdActivity, # Only allow these to go in the weird log.
|
||||
DPD::ProtocolViolation,
|
||||
};
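Review bot: Adding `Weird::RetransmissionInconsistency` to `Notice::ignored_types` silences a notice that is a classic NIDS-evasion indicator (a retransmitted segment whose payload differs from the original), and the only rationale in the hunk is the trailing comment on the `Weird::WeirdActivity` line. If the intent is that all three Weird types still reach weird.log and are merely not raised as notices, state that on the list as a whole rather than on one entry, e.g. `# Too noisy as notices; still recorded in weird.log. Hunt for TCP-level evasion (RetransmissionInconsistency) there.` Whether weird.log actually retains ignored types is not shown in this hunk.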
|
|
@ -2,7 +2,9 @@
|
|||
@load software
|
||||
@load conn/known-hosts
|
||||
@load conn/known-services
|
||||
@load ssl/known-certs
|
||||
|
||||
redef Software::asset_tracking = ALL_HOSTS;
|
||||
redef KnownHosts::asset_tracking = ALL_HOSTS;
|
||||
redef KnownServices::asset_tracking = ALL_HOSTS;
|
||||
redef KnownServices::asset_tracking = ALL_HOSTS;
|
||||
redef KnownCerts::asset_tracking = ALL_HOSTS;
|
||||
|
|
|
@ -3,9 +3,11 @@
|
|||
#include <string>
|
||||
#include <list>
|
||||
#include <algorithm>
|
||||
#include <libgen.h>
|
||||
|
||||
#include "BroDoc.h"
|
||||
#include "BroDocObj.h"
|
||||
#include "util.h"
|
||||
|
||||
BroDoc::BroDoc(const std::string& rel, const std::string& abs)
|
||||
{
|
||||
|
@ -16,25 +18,19 @@ BroDoc::BroDoc(const std::string& rel, const std::string& abs)
|
|||
else
|
||||
source_filename = abs.substr(f_pos + 1);
|
||||
|
||||
if ( rel == abs )
|
||||
if ( rel[0] == '/' || rel[0] == '.' )
|
||||
{
|
||||
// The Bro script must have been loaded from an explicit path,
|
||||
// so just use the basename as the document title
|
||||
// The Bro script must not be on a subpath of the policy/ dir of
|
||||
// BROPATH, so just use the basename as the document title.
|
||||
doc_title = source_filename;
|
||||
}
|
||||
else
|
||||
{
|
||||
// Must have relied on BROPATH to load the script, keep the relative
|
||||
// directory as part of the source file name
|
||||
size_t ext_pos = rel.find_last_of('.');
|
||||
std::string rel_ext = rel.substr(ext_pos + 1);
|
||||
ext_pos = abs.find_last_of('.');
|
||||
std::string abs_ext = abs.substr(ext_pos + 1);
|
||||
|
||||
if ( rel_ext == abs_ext || std::string::npos == ext_pos )
|
||||
doc_title = rel;
|
||||
// Keep the relative directory as part of the document title.
|
||||
if ( rel.size() == 0 || rel[rel.size() - 1] == '/' )
|
||||
doc_title = rel + source_filename;
|
||||
else
|
||||
doc_title = rel + "." + abs_ext;
|
||||
doc_title = rel + "/" + source_filename;
|
||||
}
|
||||
|
||||
reST_filename = doc_title;
|
||||
|
@ -60,7 +56,7 @@ BroDoc::BroDoc(const std::string& rel, const std::string& abs)
|
|||
|
||||
#ifdef DEBUG
|
||||
fprintf(stdout, "Documenting absolute source: %s\n", abs.c_str());
|
||||
fprintf(stdout, "\trelative load: %s\n", rel.c_str());
|
||||
fprintf(stdout, "\trelative dir: %s\n", rel.c_str());
|
||||
fprintf(stdout, "\tdoc title: %s\n", doc_title.c_str());
|
||||
fprintf(stdout, "\tbro file: %s\n", source_filename.c_str());
|
||||
fprintf(stdout, "\trst file: %s\n", reST_filename.c_str());
|
||||
|
@ -77,12 +73,59 @@ BroDoc::~BroDoc()
|
|||
|
||||
void BroDoc::AddImport(const std::string& s)
|
||||
{
|
||||
size_t ext_pos = s.find_last_of('.');
|
||||
std::string lname(s);
|
||||
// First strip any .bro extension.
|
||||
size_t ext_pos = lname.find(".bro");
|
||||
if ( ext_pos != std::string::npos )
|
||||
lname = lname.substr(0, ext_pos);
|
||||
|
||||
if ( ext_pos == std::string::npos )
|
||||
imports.push_back(s);
|
||||
const char* full_filename = "<error>";
|
||||
const char* subpath = "<error>";
|
||||
FILE* f = search_for_file(lname.c_str(), "bro", &full_filename, true,
|
||||
&subpath);
|
||||
|
||||
if ( f )
|
||||
{
|
||||
fclose(f);
|
||||
|
||||
char* tmp = copy_string(full_filename);
|
||||
char* filename = basename(tmp);
|
||||
extern char* PACKAGE_LOADER;
|
||||
|
||||
if ( streq(filename, PACKAGE_LOADER) )
|
||||
{
|
||||
// link to the package's index
|
||||
string pkg(subpath);
|
||||
pkg += "/index";
|
||||
imports.push_back(pkg);
|
||||
}
|
||||
else
|
||||
{
|
||||
if ( subpath[0] == '/' || subpath[0] == '.' )
|
||||
{
|
||||
// it's not a subpath of policy/, so just add the name of it
|
||||
// as it's given in the @load directive
|
||||
imports.push_back(lname);
|
||||
}
|
||||
else
|
||||
{
|
||||
// combine the base file name of script in the @load directive
|
||||
// with the subpath of BROPATH's policy/ directory
|
||||
string fname(subpath);
|
||||
char* othertmp = copy_string(lname.c_str());
|
||||
fname.append("/").append(basename(othertmp));
|
||||
imports.push_back(fname);
|
||||
delete [] othertmp;
|
||||
}
|
||||
}
|
||||
|
||||
delete [] tmp;
|
||||
delete [] full_filename;
|
||||
delete [] subpath;
|
||||
}
|
||||
else
|
||||
imports.push_back(s.substr(0, ext_pos));
|
||||
fprintf(stderr, "Failed to document '@load %s' in file: %s\n",
|
||||
s.c_str(), reST_filename.c_str());
|
||||
}
|
||||
|
||||
void BroDoc::SetPacketFilter(const std::string& s)
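Review bot: `lname.find(".bro")` strips from the first occurrence of the substring rather than from a `.bro` suffix, so a `@load` target whose name or directory merely contains `.bro` (for example `x.bro.old`, or a script under a directory whose name contains `.bro`) is truncated before `search_for_file` runs and the lookup fails or resolves to a different script; the old code used `find_last_of('.')`. A suffix test keeps the intent: `if ( lname.size() > 4 && lname.compare(lname.size() - 4, 4, ".bro") == 0 ) lname.erase(lname.size() - 4);`. Separately, `full_filename` and `subpath` start out as string literals and are `delete []`d on the success path, so this relies on `search_for_file` replacing both pointers with `new[]`-allocated strings whenever it returns a FILE*; that contract is not visible here and deserves a comment at the call, e.g. `// search_for_file allocates both out-pointers with new[] on success; we own them.`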
|
||||
|
@ -138,7 +181,11 @@ void BroDoc::WriteDocFile() const
|
|||
if ( it != imports.begin() )
|
||||
WriteToDoc(", ");
|
||||
|
||||
WriteToDoc(":doc:`%s </policy/%s>`", it->c_str(), it->c_str());
|
||||
string pretty(*it);
|
||||
size_t pos = pretty.find("/index");
|
||||
if ( pos != std::string::npos && pos + 6 == pretty.size() )
|
||||
pretty = pretty.substr(0, pos);
|
||||
WriteToDoc(":doc:`%s </policy/%s>`", pretty.c_str(), it->c_str());
|
||||
}
|
||||
WriteToDoc("\n");
|
||||
}
|
||||
|
|
|
@ -24,9 +24,11 @@ public:
|
|||
* If the filename doesn't end in ".bro", then ".rst" is just appended.
|
||||
* Any '/' characters in the reST file name that result from choice of
|
||||
* the 'rel' parameter are replaced with '^'.
|
||||
* @param rel A string representing the path relative to BROPATH off of
|
||||
* which the source file is loaded or generally any filesystem
|
||||
* path to a Bro script. May or may not have .bro file extension.
|
||||
* @param subpath A string representing a subpath of BROPATH's policy/
|
||||
* directory in which the source file is located. It can
|
||||
* also be full path to the file or a full path that's in BROPATH,
|
||||
* but in either of those cases, the parameter is essentially
|
||||
* ignored and the document title is just derived from file name
|
||||
* @param abs The absolute path to the Bro script for which to generate
|
||||
* documentation.
|
||||
*/
|
||||
|
|
|
@ -343,7 +343,7 @@ vector<ParseLocationRec> parse_location_string(const string& s)
|
|||
plr.type = plrUnknown;
|
||||
|
||||
FILE* throwaway = search_for_file(filename.c_str(), "bro",
|
||||
&full_filename, true);
|
||||
&full_filename, true, 0);
|
||||
if ( ! throwaway )
|
||||
{
|
||||
debug_msg("No such policy file: %s.\n", filename.c_str());
|
||||
|
|
|
@ -295,7 +295,7 @@ void OSFingerprint::load_config(const char* file)
|
|||
uint32 ln=0;
|
||||
char buf[MAXLINE];
|
||||
char* p;
|
||||
FILE* c = search_for_file( file, "osf", 0, false);
|
||||
FILE* c = search_for_file(file, "osf", 0, false, 0);
|
||||
|
||||
if (!c)
|
||||
{
|
||||
|
|
|
@ -197,7 +197,7 @@ bool RuleMatcher::ReadFiles(const name_list& files)
|
|||
|
||||
for ( int i = 0; i < files.length(); ++i )
|
||||
{
|
||||
rules_in = search_for_file( files[i], "sig", 0, false);
|
||||
rules_in = search_for_file(files[i], "sig", 0, false, 0);
|
||||
if ( ! rules_in )
|
||||
{
|
||||
error("Can't open signature file", files[i]);
|
||||
|
|
|
@ -2,17 +2,10 @@
|
|||
#include "TCP_Reassembler.h"
|
||||
#include "util.h"
|
||||
|
||||
|
||||
bool SSL_Analyzer_binpac::warnings_generated = false;
|
||||
|
||||
SSL_Analyzer_binpac::SSL_Analyzer_binpac(Connection* c)
|
||||
: TCP_ApplicationAnalyzer(AnalyzerTag::SSL, c)
|
||||
{
|
||||
interp = new binpac::SSL::SSLAnalyzer;
|
||||
interp->set_bro_analyzer(this);
|
||||
|
||||
if ( ! warnings_generated )
|
||||
generate_warnings();
|
||||
interp = new binpac::SSL::SSL_Conn(this);
|
||||
}
|
||||
|
||||
SSL_Analyzer_binpac::~SSL_Analyzer_binpac()
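Review bot: The constructor no longer calls `generate_warnings()`, which was the only place that told the user that `ssl_store_certificates` and `ssl_store_key_material` are unsupported by this analyzer. Unless those redef'able script constants are removed elsewhere in this commit (not visible here), a policy that enables them now gets silent no-op behaviour, and an operator who believes certificates or key material are being retained for later inspection will not find out otherwise. Either keep a one-time warning in the constructor, or drop the script-level constants so that enabling them is a load-time error. At minimum record the decision in the header: `// NOTE: ssl_store_certificates / ssl_store_key_material are ignored by the binpac analyzer.`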
|
||||
|
@ -51,18 +44,3 @@ void SSL_Analyzer_binpac::Undelivered(int seq, int len, bool orig)
|
|||
TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
|
||||
interp->NewGap(orig, len);
|
||||
}
|
||||
|
||||
void SSL_Analyzer_binpac::warn_(const char* msg)
|
||||
{
|
||||
warn("SSL_Analyzer_binpac: ", msg);
|
||||
}
|
||||
|
||||
void SSL_Analyzer_binpac::generate_warnings()
|
||||
{
|
||||
if ( ssl_store_certificates )
|
||||
warn_("storage of certificates (ssl_store_certificates) not supported");
|
||||
if ( ssl_store_key_material )
|
||||
warn_("storage of key material (ssl_store_key_material) not supported");
|
||||
|
||||
warnings_generated = true;
|
||||
}
|
||||
|
|
|
@ -10,9 +10,12 @@ public:
|
|||
SSL_Analyzer_binpac(Connection* conn);
|
||||
virtual ~SSL_Analyzer_binpac();
|
||||
|
||||
// Overriden from Analyzer.
|
||||
virtual void Done();
|
||||
virtual void DeliverStream(int len, const u_char* data, bool orig);
|
||||
virtual void Undelivered(int seq, int len, bool orig);
|
||||
|
||||
// Overriden from TCP_ApplicationAnalyzer.
|
||||
virtual void EndpointEOF(TCP_Reassembler* endp);
|
||||
|
||||
static Analyzer* InstantiateAnalyzer(Connection* conn)
|
||||
|
@ -25,12 +28,9 @@ public:
|
|||
x509_certificate || x509_extension || x509_error );
|
||||
}
|
||||
|
||||
static bool warnings_generated;
|
||||
static void warn_(const char* msg);
|
||||
static void generate_warnings();
|
||||
|
||||
protected:
|
||||
binpac::SSL::SSLAnalyzer* interp;
|
||||
binpac::SSL::SSL_Conn* interp;
|
||||
|
||||
};
|
||||
|
||||
#endif
|
||||
|
|
10
src/scan.l
10
src/scan.l
|
@ -348,7 +348,7 @@ when return TOK_WHEN;
|
|||
|
||||
// All we have to do is pretend we've already scanned it.
|
||||
const char* full_filename;
|
||||
FILE* f = search_for_file(new_file, "bro", &full_filename, true);
|
||||
FILE* f = search_for_file(new_file, "bro", &full_filename, true, 0);
|
||||
|
||||
if ( f )
|
||||
{
|
||||
|
@ -537,6 +537,7 @@ static int load_files_with_prefix(const char* orig_file)
|
|||
const char* prefix = prefixes[i];
|
||||
|
||||
const char* full_filename = "<internal error>";
|
||||
const char* bropath_subpath = "<internal error>";
|
||||
FILE* f;
|
||||
|
||||
if ( streq(orig_file, "-") )
|
||||
|
@ -561,7 +562,7 @@ static int load_files_with_prefix(const char* orig_file)
|
|||
else
|
||||
strcpy(new_filename, orig_file);
|
||||
|
||||
f = search_for_file(new_filename, "bro", &full_filename, true);
|
||||
f = search_for_file(new_filename, "bro", &full_filename, true, &bropath_subpath);
|
||||
delete [] new_filename;
|
||||
}
|
||||
|
||||
|
@ -576,6 +577,7 @@ static int load_files_with_prefix(const char* orig_file)
|
|||
{
|
||||
fclose(f);
|
||||
delete [] full_filename;
|
||||
delete [] bropath_subpath;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
@ -621,10 +623,12 @@ static int load_files_with_prefix(const char* orig_file)
|
|||
|
||||
if ( generate_documentation )
|
||||
{
|
||||
current_reST_doc = new BroDoc(orig_file, full_filename);
|
||||
current_reST_doc = new BroDoc(bropath_subpath, full_filename);
|
||||
docs_generated.push_back(current_reST_doc);
|
||||
}
|
||||
|
||||
delete [] bropath_subpath;
|
||||
|
||||
// "orig_file", could be an alias for yytext, which is ephemeral
|
||||
// and will be zapped after the yy_switch_to_buffer() below.
|
||||
yy_switch_to_buffer(yy_create_buffer(f, YY_BUF_SIZE));
|
||||
|
|
|
@ -45,12 +45,11 @@
|
|||
|
||||
function to_string_val(data : uint8[]) : StringVal
|
||||
%{
|
||||
assert(data->size() <= 32);
|
||||
|
||||
char tmp[32];
|
||||
memset(tmp, 0, sizeof(tmp));
|
||||
|
||||
if ( data )
|
||||
// Just return an empty string if the string is longer than 32 bytes
|
||||
if ( data && data->size() <= 32 )
|
||||
{
|
||||
for ( unsigned int i = data->size(); i > 0; --i )
|
||||
tmp[i-1] = (*data)[i-1];
|
||||
|
@ -93,18 +92,18 @@ function convert_ciphers_uint16(ciph : uint16[]) : int[]
|
|||
return newciph;
|
||||
%}
|
||||
|
||||
refine analyzer SSLAnalyzer += {
|
||||
refine connection SSL_Conn += {
|
||||
|
||||
%member{
|
||||
Analyzer* bro_analyzer_;
|
||||
%}
|
||||
|
||||
%init{
|
||||
bro_analyzer_ = 0;
|
||||
%}
|
||||
|
||||
%eof{
|
||||
if ( state_ != STATE_CONN_ESTABLISHED &&
|
||||
state_ != STATE_TRACK_LOST && state_ != STATE_INITIAL )
|
||||
state_ != STATE_TRACK_LOST &&
|
||||
state_ != STATE_INITIAL )
|
||||
bro_analyzer()->ProtocolViolation(fmt("unexpected end of connection in state %s",
|
||||
state_label(state_).c_str()));
|
||||
%}
|
||||
|
@ -112,16 +111,6 @@ refine analyzer SSLAnalyzer += {
|
|||
%cleanup{
|
||||
%}
|
||||
|
||||
function bro_analyzer() : Analyzer
|
||||
%{
|
||||
return bro_analyzer_;
|
||||
%}
|
||||
|
||||
function set_bro_analyzer(a : Analyzer) : void
|
||||
%{
|
||||
bro_analyzer_ = a;
|
||||
%}
|
||||
|
||||
function proc_change_cipher_spec(rec: SSLRecord) : bool
|
||||
%{
|
||||
if ( state_ == STATE_TRACK_LOST )
|
||||
|
@ -133,7 +122,8 @@ refine analyzer SSLAnalyzer += {
|
|||
|
||||
function proc_application_data(rec: SSLRecord) : bool
|
||||
%{
|
||||
if ( state_ != STATE_CONN_ESTABLISHED )
|
||||
if ( state_ != STATE_CONN_ESTABLISHED &&
|
||||
(state_ != STATE_CLIENT_FINISHED && ! ${rec.is_orig}) )
|
||||
bro_analyzer()->ProtocolViolation(fmt("unexpected ApplicationData from %s at state %s",
|
||||
orig_label(${rec.is_orig}).c_str(),
|
||||
state_label(old_state_).c_str()));
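Review bot: The new condition never flags ApplicationData sent by the originator in any state: when `${rec.is_orig}` is true the inner conjunct `(state_ != STATE_CLIENT_FINISHED && ! ${rec.is_orig})` is false, so the whole `if` is false even in STATE_INITIAL, and only responder data is still checked. If the intended exception is "ApplicationData is acceptable in STATE_CLIENT_FINISHED from one side only", the inner operator has to be `||`, e.g. `if ( state_ != STATE_CONN_ESTABLISHED && (state_ != STATE_CLIENT_FINISHED || ! ${rec.is_orig}) )`, which exempts only originator data in that state. Drop the `!` instead if the exemption is meant for the responder. As written, client-side data injected before the handshake completes no longer raises a ProtocolViolation, which widens the DPD blind spot rather than narrowing it. The function's closing lines are outside the hunk.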
|
||||
|
@ -142,7 +132,7 @@ refine analyzer SSLAnalyzer += {
|
|||
|
||||
function proc_alert(rec: SSLRecord, level : int, desc : int) : bool
|
||||
%{
|
||||
BifEvent::generate_ssl_alert(bro_analyzer_, bro_analyzer_->Conn(),
|
||||
BifEvent::generate_ssl_alert(bro_analyzer(), bro_analyzer()->Conn(),
|
||||
level, desc);
|
||||
return true;
|
||||
%}
|
||||
|
@ -174,7 +164,7 @@ refine analyzer SSLAnalyzer += {
|
|||
Unref(ciph);
|
||||
}
|
||||
|
||||
BifEvent::generate_ssl_client_hello(bro_analyzer_, bro_analyzer_->Conn(),
|
||||
BifEvent::generate_ssl_client_hello(bro_analyzer(), bro_analyzer()->Conn(),
|
||||
version, ts,
|
||||
to_string_val(session_id),
|
||||
cipher_set);
|
||||
|
@ -199,8 +189,8 @@ refine analyzer SSLAnalyzer += {
|
|||
|
||||
if ( ssl_server_hello )
|
||||
{
|
||||
BifEvent::generate_ssl_server_hello(bro_analyzer_,
|
||||
bro_analyzer_->Conn(),
|
||||
BifEvent::generate_ssl_server_hello(bro_analyzer(),
|
||||
bro_analyzer()->Conn(),
|
||||
version, ts,
|
||||
to_string_val(session_id),
|
||||
cipher_suite, comp_method);
|
||||
|
@ -213,8 +203,8 @@ refine analyzer SSLAnalyzer += {
|
|||
function proc_ssl_extension(type: int, data: bytestring) : bool
|
||||
%{
|
||||
if ( ssl_extension )
|
||||
BifEvent::generate_ssl_extension(bro_analyzer_,
|
||||
bro_analyzer_->Conn(), type,
|
||||
BifEvent::generate_ssl_extension(bro_analyzer(),
|
||||
bro_analyzer()->Conn(), type,
|
||||
new StringVal(data.length(), (const char*) data.data()));
|
||||
return true;
|
||||
%}
|
||||
|
@ -241,7 +231,7 @@ refine analyzer SSLAnalyzer += {
|
|||
X509* pTemp = d2i_X509_binpac(NULL, &data, cert.length());
|
||||
if ( ! pTemp )
|
||||
{
|
||||
BifEvent::generate_x509_error(bro_analyzer_, bro_analyzer_->Conn(),
|
||||
BifEvent::generate_x509_error(bro_analyzer(), bro_analyzer()->Conn(),
|
||||
ERR_get_error());
|
||||
return false;
|
||||
}
|
||||
|
@ -267,7 +257,7 @@ refine analyzer SSLAnalyzer += {
|
|||
pX509Cert->Assign(5, new Val(get_time_from_asn1(X509_get_notAfter(pTemp)), TYPE_TIME));
|
||||
StringVal* der_cert = new StringVal(cert.length(), (const char*) cert.data());
|
||||
|
||||
BifEvent::generate_x509_certificate(bro_analyzer_, bro_analyzer_->Conn(),
|
||||
BifEvent::generate_x509_certificate(bro_analyzer(), bro_analyzer()->Conn(),
|
||||
pX509Cert,
|
||||
! ${rec.is_orig},
|
||||
i, certificates->size(),
|
||||
|
@ -299,8 +289,8 @@ refine analyzer SSLAnalyzer += {
|
|||
continue;
|
||||
|
||||
StringVal* value = new StringVal(length, pBuffer);
|
||||
BifEvent::generate_x509_extension(bro_analyzer_,
|
||||
bro_analyzer_->Conn(), value);
|
||||
BifEvent::generate_x509_extension(bro_analyzer(),
|
||||
bro_analyzer()->Conn(), value);
|
||||
OPENSSL_free(pBuffer);
|
||||
}
|
||||
}
|
||||
|
@ -339,8 +329,8 @@ refine analyzer SSLAnalyzer += {
|
|||
orig_label(${rec.is_orig}).c_str(),
|
||||
state_label(old_state_).c_str()));
|
||||
|
||||
BifEvent::generate_ssl_established(bro_analyzer_,
|
||||
bro_analyzer_->Conn());
|
||||
BifEvent::generate_ssl_established(bro_analyzer(),
|
||||
bro_analyzer()->Conn());
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
@ -379,89 +369,85 @@ refine analyzer SSLAnalyzer += {
|
|||
|
||||
else if ( state_ == STATE_CONN_ESTABLISHED &&
|
||||
old_state_ == STATE_COMM_ENCRYPTED )
|
||||
BifEvent::generate_ssl_established(bro_analyzer_,
|
||||
bro_analyzer_->Conn());
|
||||
BifEvent::generate_ssl_established(bro_analyzer(),
|
||||
bro_analyzer()->Conn());
|
||||
|
||||
return true;
|
||||
%}
|
||||
|
||||
};
|
||||
|
||||
refine typeattr ChangeCipherSpec += &let {
|
||||
proc : bool = $context.analyzer.proc_change_cipher_spec(rec)
|
||||
proc : bool = $context.connection.proc_change_cipher_spec(rec)
|
||||
&requires(state_changed);
|
||||
};
|
||||
|
||||
refine typeattr Alert += &let {
|
||||
proc : bool = $context.analyzer.proc_alert(rec, level, description);
|
||||
proc : bool = $context.connection.proc_alert(rec, level, description);
|
||||
};
|
||||
|
||||
refine typeattr V2Error += &let {
|
||||
proc : bool = $context.analyzer.proc_alert(rec, -1, error_code);
|
||||
proc : bool = $context.connection.proc_alert(rec, -1, error_code);
|
||||
};
|
||||
|
||||
refine typeattr ApplicationData += &let {
|
||||
proc : bool = $context.analyzer.proc_application_data(rec);
|
||||
proc : bool = $context.connection.proc_application_data(rec);
|
||||
};
|
||||
|
||||
refine typeattr ClientHello += &let {
|
||||
proc : bool = $context.analyzer.proc_client_hello(rec, client_version,
|
||||
proc : bool = $context.connection.proc_client_hello(rec, client_version,
|
||||
gmt_unix_time,
|
||||
session_id, convert_ciphers_uint16(csuits))
|
||||
&requires(state_changed);
|
||||
};
|
||||
|
||||
refine typeattr V2ClientHello += &let {
|
||||
proc : bool = $context.analyzer.proc_client_hello(rec, client_version, 0,
|
||||
proc : bool = $context.connection.proc_client_hello(rec, client_version, 0,
|
||||
session_id, convert_ciphers_uint24(ciphers))
|
||||
&requires(state_changed);
|
||||
};
|
||||
|
||||
refine typeattr ServerHello += &let {
|
||||
proc : bool = $context.analyzer.proc_server_hello(rec, server_version,
|
||||
proc : bool = $context.connection.proc_server_hello(rec, server_version,
|
||||
gmt_unix_time, session_id, cipher_suite,
|
||||
compression_method)
|
||||
&requires(state_changed);
|
||||
};
|
||||
|
||||
refine typeattr V2ServerHello += &let {
|
||||
proc : bool = $context.analyzer.proc_server_hello(rec, server_version, 0, 0,
|
||||
proc : bool = $context.connection.proc_server_hello(rec, server_version, 0, 0,
|
||||
convert_ciphers_uint24(ciphers)[0], 0)
|
||||
&requires(state_changed);
|
||||
|
||||
cert : bool = $context.analyzer.proc_v2_certificate(rec, cert_data)
|
||||
cert : bool = $context.connection.proc_v2_certificate(rec, cert_data)
|
||||
&requires(proc);
|
||||
};
|
||||
|
||||
refine typeattr Certificate += &let {
|
||||
proc : bool = $context.analyzer.proc_v3_certificate(rec, certificates)
|
||||
proc : bool = $context.connection.proc_v3_certificate(rec, certificates)
|
||||
&requires(state_changed);
|
||||
};
|
||||
|
||||
refine typeattr V2ClientMasterKey += &let {
|
||||
proc : bool = $context.analyzer.proc_v2_client_master_key(rec, to_int()(cipher_kind))
|
||||
proc : bool = $context.connection.proc_v2_client_master_key(rec, cipher_kind)
|
||||
&requires(state_changed);
|
||||
};
|
||||
|
||||
refine typeattr UnknownHandshake += &let {
|
||||
proc : bool = $context.analyzer.proc_unknown_handshake(hs, is_orig);
|
||||
proc : bool = $context.connection.proc_unknown_handshake(hs, is_orig);
|
||||
};
|
||||
|
||||
refine typeattr Handshake += &let {
|
||||
proc : bool = $context.analyzer.proc_handshake(this, rec.is_orig);
|
||||
proc : bool = $context.connection.proc_handshake(this, rec.is_orig);
|
||||
};
|
||||
|
||||
refine typeattr UnknownRecord += &let {
|
||||
proc : bool = $context.analyzer.proc_unknown_record(rec);
|
||||
proc : bool = $context.connection.proc_unknown_record(rec);
|
||||
};
|
||||
|
||||
refine typeattr CiphertextRecord += &let {
|
||||
proc : bool = $context.analyzer.proc_ciphertext_record(rec);
|
||||
proc : bool = $context.connection.proc_ciphertext_record(rec);
|
||||
}
|
||||
|
||||
refine typeattr SSLExtension += &let {
|
||||
proc : bool = $context.analyzer.proc_ssl_extension(type, data);
|
||||
proc : bool = $context.connection.proc_ssl_extension(type, data);
|
||||
};
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -20,6 +20,11 @@ type uint24 = record {
|
|||
return (num->byte1() << 16) | (num->byte2() << 8) | num->byte3();
|
||||
}
|
||||
};
|
||||
|
||||
string state_label(int state_nr);
|
||||
string orig_label(bool is_orig);
|
||||
double get_time_from_asn1(const ASN1_TIME * atime);
|
||||
string handshake_type_label(int type);
|
||||
%}
|
||||
|
||||
extern type to_int;
|
||||
|
@ -30,11 +35,11 @@ type SSLRecord(is_orig: bool) = record {
|
|||
head2 : uint8;
|
||||
head3 : uint8;
|
||||
head4 : uint8;
|
||||
rec : RecordText(this, is_orig) &requires(content_type), &restofdata;
|
||||
rec : RecordText(this, is_orig)[] &length=length, &requires(content_type);
|
||||
} &length = length+5, &byteorder=bigendian,
|
||||
&let {
|
||||
version : int =
|
||||
$context.analyzer.determine_ssl_version(head0, head1, head2);
|
||||
$context.connection.determine_ssl_version(head0, head1, head2);
|
||||
|
||||
content_type : int = case version of {
|
||||
UNKNOWN_VERSION -> 0;
|
||||
|
@ -49,7 +54,7 @@ type SSLRecord(is_orig: bool) = record {
|
|||
};
|
||||
};
|
||||
|
||||
type RecordText(rec: SSLRecord, is_orig: bool) = case $context.analyzer.state() of {
|
||||
type RecordText(rec: SSLRecord, is_orig: bool) = case $context.connection.state() of {
|
||||
STATE_ABBREV_SERVER_ENCRYPTED, STATE_CLIENT_ENCRYPTED,
|
||||
STATE_COMM_ENCRYPTED, STATE_CONN_ESTABLISHED
|
||||
-> ciphertext : CiphertextRecord(rec, is_orig);
|
||||
|
@ -57,10 +62,17 @@ type RecordText(rec: SSLRecord, is_orig: bool) = case $context.analyzer.state()
|
|||
-> plaintext : PlaintextRecord(rec, is_orig);
|
||||
};
|
||||
|
||||
type PossibleEncryptedHandshake(rec: SSLRecord, is_orig: bool) = case $context.connection.state() of {
|
||||
# Deal with encrypted handshakes before the server cipher spec change.
|
||||
STATE_CLIENT_FINISHED, STATE_CLIENT_ENCRYPTED
|
||||
-> ct : CiphertextRecord(rec, is_orig);
|
||||
default -> hs : Handshake(rec);
|
||||
};
|
||||
|
||||
type PlaintextRecord(rec: SSLRecord, is_orig: bool) = case rec.content_type of {
|
||||
CHANGE_CIPHER_SPEC -> ch_cipher : ChangeCipherSpec(rec);
|
||||
ALERT -> alert : Alert(rec);
|
||||
HANDSHAKE -> handshake : Handshake(rec)[];
|
||||
HANDSHAKE -> handshake : PossibleEncryptedHandshake(rec, is_orig);
|
||||
APPLICATION_DATA -> app_data : ApplicationData(rec);
|
||||
V2_ERROR -> v2_error : V2Error(rec);
|
||||
V2_CLIENT_HELLO -> v2_client_hello : V2ClientHello(rec);
|
||||
|
@ -297,21 +309,21 @@ type ChangeCipherSpec(rec: SSLRecord) = record {
|
|||
type : uint8;
|
||||
} &length = 1, &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_CLIENT_FINISHED,
|
||||
$context.connection.transition(STATE_CLIENT_FINISHED,
|
||||
STATE_COMM_ENCRYPTED, rec.is_orig, false) ||
|
||||
$context.analyzer.transition(STATE_IN_SERVER_HELLO,
|
||||
$context.connection.transition(STATE_IN_SERVER_HELLO,
|
||||
STATE_ABBREV_SERVER_ENCRYPTED, rec.is_orig, false) ||
|
||||
$context.analyzer.transition(STATE_CLIENT_KEY_NO_CERT,
|
||||
$context.connection.transition(STATE_CLIENT_KEY_NO_CERT,
|
||||
STATE_CLIENT_ENCRYPTED, rec.is_orig, true) ||
|
||||
$context.analyzer.transition(STATE_CLIENT_CERT_VERIFIED,
|
||||
$context.connection.transition(STATE_CLIENT_CERT_VERIFIED,
|
||||
STATE_CLIENT_ENCRYPTED, rec.is_orig, true) ||
|
||||
#$context.analyzer.transition(STATE_CLIENT_CERT,
|
||||
# STATE_CLIENT_ENCRYPTED, rec.is_orig, true) ||
|
||||
$context.analyzer.transition(STATE_CLIENT_KEY_WITH_CERT,
|
||||
$context.connection.transition(STATE_CLIENT_CERT,
|
||||
STATE_CLIENT_ENCRYPTED, rec.is_orig, true) ||
|
||||
$context.analyzer.transition(STATE_ABBREV_SERVER_FINISHED,
|
||||
$context.connection.transition(STATE_CLIENT_KEY_WITH_CERT,
|
||||
STATE_CLIENT_ENCRYPTED, rec.is_orig, true) ||
|
||||
$context.connection.transition(STATE_ABBREV_SERVER_FINISHED,
|
||||
STATE_COMM_ENCRYPTED, rec.is_orig, true) ||
|
||||
$context.analyzer.lost_track();
|
||||
$context.connection.lost_track();
|
||||
};
|
||||
|
||||
|
||||
|
@ -330,7 +342,9 @@ type Alert(rec: SSLRecord) = record {
|
|||
######################################################################
|
||||
|
||||
type V2Error(rec: SSLRecord) = record {
|
||||
error_code : uint16;
|
||||
data: bytestring &restofdata &transient;
|
||||
} &let {
|
||||
error_code : uint16 = ((rec.head3 << 8) | rec.head4);
|
||||
};
|
||||
|
||||
|
||||
|
@ -340,7 +354,9 @@ type V2Error(rec: SSLRecord) = record {
|
|||
|
||||
# Application data should always be encrypted, so we should not
|
||||
# reach this point.
|
||||
type ApplicationData(rec: SSLRecord) = empty;
|
||||
type ApplicationData(rec: SSLRecord) = record {
|
||||
data : bytestring &restofdata &transient;
|
||||
};
|
||||
|
||||
######################################################################
|
||||
# Handshake Protocol (7.4.)
|
||||
|
@ -352,7 +368,7 @@ type ApplicationData(rec: SSLRecord) = empty;
|
|||
|
||||
# Hello Request is empty
|
||||
type HelloRequest(rec: SSLRecord) = empty &let {
|
||||
hr: bool = $context.analyzer.set_hello_requested(true);
|
||||
hr: bool = $context.connection.set_hello_requested(true);
|
||||
};
|
||||
|
||||
|
||||
|
@ -376,11 +392,11 @@ type ClientHello(rec: SSLRecord) = record {
|
|||
extensions : SSLExtension[] &until($input.length() == 0);
|
||||
} &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_INITIAL,
|
||||
$context.connection.transition(STATE_INITIAL,
|
||||
STATE_CLIENT_HELLO_RCVD, rec.is_orig, true) ||
|
||||
($context.analyzer.hello_requested() &&
|
||||
$context.analyzer.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, rec.is_orig, true)) ||
|
||||
$context.analyzer.lost_track();
|
||||
($context.connection.hello_requested() &&
|
||||
$context.connection.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, rec.is_orig, true)) ||
|
||||
$context.connection.lost_track();
|
||||
};
|
||||
|
||||
|
||||
|
@ -389,20 +405,21 @@ type ClientHello(rec: SSLRecord) = record {
|
|||
######################################################################
|
||||
|
||||
type V2ClientHello(rec: SSLRecord) = record {
|
||||
client_version : uint16;
|
||||
csuit_len : uint16;
|
||||
session_len : uint16;
|
||||
chal_len : uint16;
|
||||
ciphers : uint24[csuit_len/3];
|
||||
session_id : uint8[session_len];
|
||||
challenge : bytestring &length = chal_len;
|
||||
} &length = 8 + csuit_len + session_len + chal_len, &let {
|
||||
} &length = 6 + csuit_len + session_len + chal_len, &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_INITIAL,
|
||||
$context.connection.transition(STATE_INITIAL,
|
||||
STATE_CLIENT_HELLO_RCVD, rec.is_orig, true) ||
|
||||
($context.analyzer.hello_requested() &&
|
||||
$context.analyzer.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, rec.is_orig, true)) ||
|
||||
$context.analyzer.lost_track();
|
||||
($context.connection.hello_requested() &&
|
||||
$context.connection.transition(STATE_ANY, STATE_CLIENT_HELLO_RCVD, rec.is_orig, true)) ||
|
||||
$context.connection.lost_track();
|
||||
|
||||
client_version : int = rec.version;
|
||||
};
|
||||
|
||||
|
||||
|
@ -420,9 +437,9 @@ type ServerHello(rec: SSLRecord) = record {
|
|||
compression_method : uint8;
|
||||
} &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_CLIENT_HELLO_RCVD,
|
||||
$context.connection.transition(STATE_CLIENT_HELLO_RCVD,
|
||||
STATE_IN_SERVER_HELLO, rec.is_orig, false) ||
|
||||
$context.analyzer.lost_track();
|
||||
$context.connection.lost_track();
|
||||
};
|
||||
|
||||
|
||||
|
@ -431,8 +448,8 @@ type ServerHello(rec: SSLRecord) = record {
|
|||
######################################################################
|
||||
|
||||
type V2ServerHello(rec: SSLRecord) = record {
|
||||
session_id_hit : uint8;
|
||||
cert_type : uint8;
|
||||
#session_id_hit : uint8;
|
||||
#cert_type : uint8;
|
||||
server_version : uint16;
|
||||
cert_len : uint16;
|
||||
ciph_len : uint16;
|
||||
|
@ -440,14 +457,18 @@ type V2ServerHello(rec: SSLRecord) = record {
|
|||
cert_data : bytestring &length = cert_len;
|
||||
ciphers : uint24[ciph_len/3];
|
||||
conn_id_data : bytestring &length = conn_id_len;
|
||||
} &length = 10 + cert_len + ciph_len + conn_id_len, &let {
|
||||
} #&length = 8 + cert_len + ciph_len + conn_id_len,
|
||||
&let {
|
||||
state_changed : bool =
|
||||
(session_id_hit > 0 ?
|
||||
$context.analyzer.transition(STATE_CLIENT_HELLO_RCVD,
|
||||
$context.connection.transition(STATE_CLIENT_HELLO_RCVD,
|
||||
STATE_CONN_ESTABLISHED, rec.is_orig, false) :
|
||||
$context.analyzer.transition(STATE_CLIENT_HELLO_RCVD,
|
||||
$context.connection.transition(STATE_CLIENT_HELLO_RCVD,
|
||||
STATE_V2_CL_MASTER_KEY_EXPECTED, rec.is_orig, false)) ||
|
||||
$context.analyzer.lost_track();
|
||||
$context.connection.lost_track();
|
||||
|
||||
session_id_hit : uint8 = rec.head3;
|
||||
cert_type : uint8 = rec.head4;
|
||||
};
|
||||
|
||||
|
||||
|
@ -467,11 +488,11 @@ type Certificate(rec: SSLRecord) = record {
|
|||
certificates : CertificateList &length = to_int()(length);
|
||||
} &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_IN_SERVER_HELLO,
|
||||
$context.connection.transition(STATE_IN_SERVER_HELLO,
|
||||
STATE_IN_SERVER_HELLO, rec.is_orig, false) ||
|
||||
$context.analyzer.transition(STATE_SERVER_HELLO_DONE,
|
||||
$context.connection.transition(STATE_SERVER_HELLO_DONE,
|
||||
STATE_CLIENT_CERT, rec.is_orig, true) ||
|
||||
$context.analyzer.lost_track();
|
||||
$context.connection.lost_track();
|
||||
};
|
||||
|
||||
|
||||
|
@ -481,12 +502,12 @@ type Certificate(rec: SSLRecord) = record {
|
|||
|
||||
# For now ignore details; just eat up complete message
|
||||
type ServerKeyExchange(rec: SSLRecord) = record {
|
||||
key : bytestring &restofdata;
|
||||
key : bytestring &restofdata &transient;
|
||||
} &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_IN_SERVER_HELLO,
|
||||
$context.connection.transition(STATE_IN_SERVER_HELLO,
|
||||
STATE_IN_SERVER_HELLO, rec.is_orig, false) ||
|
||||
$context.analyzer.lost_track();
|
||||
$context.connection.lost_track();
|
||||
};
|
||||
|
||||
|
||||
|
@ -499,9 +520,9 @@ type CertificateRequest(rec: SSLRecord) = record {
|
|||
cont : bytestring &restofdata &transient;
|
||||
} &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_IN_SERVER_HELLO,
|
||||
$context.connection.transition(STATE_IN_SERVER_HELLO,
|
||||
STATE_IN_SERVER_HELLO, rec.is_orig, false) ||
|
||||
$context.analyzer.lost_track();
|
||||
$context.connection.lost_track();
|
||||
};
|
||||
|
||||
|
||||
|
@ -512,9 +533,9 @@ type CertificateRequest(rec: SSLRecord) = record {
|
|||
# Server Hello Done is empty
|
||||
type ServerHelloDone(rec: SSLRecord) = empty &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_IN_SERVER_HELLO,
|
||||
$context.connection.transition(STATE_IN_SERVER_HELLO,
|
||||
STATE_SERVER_HELLO_DONE, rec.is_orig, false) ||
|
||||
$context.analyzer.lost_track();
|
||||
$context.connection.lost_track();
|
||||
};
|
||||
|
||||
|
||||
|
@ -533,16 +554,16 @@ type ServerHelloDone(rec: SSLRecord) = empty &let {
|
|||
# For now ignore details of ClientKeyExchange (most of it is
|
||||
# encrypted anyway); just eat up message.
|
||||
type ClientKeyExchange(rec: SSLRecord) = record {
|
||||
cont : bytestring &restofdata &transient;
|
||||
key : bytestring &restofdata &transient;
|
||||
} &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_SERVER_HELLO_DONE,
|
||||
$context.connection.transition(STATE_SERVER_HELLO_DONE,
|
||||
STATE_CLIENT_KEY_NO_CERT, rec.is_orig, true) ||
|
||||
$context.analyzer.transition(STATE_CLIENT_CERT,
|
||||
$context.connection.transition(STATE_CLIENT_CERT,
|
||||
STATE_CLIENT_KEY_WITH_CERT, rec.is_orig, true) ||
|
||||
$context.analyzer.transition(STATE_CLIENT_CERT,
|
||||
$context.connection.transition(STATE_CLIENT_CERT,
|
||||
STATE_CLIENT_KEY_WITH_CERT, rec.is_orig, true) ||
|
||||
$context.analyzer.lost_track();
|
||||
$context.connection.lost_track();
|
||||
};
|
||||
|
||||
######################################################################
|
||||
|
@ -550,18 +571,20 @@ type ClientKeyExchange(rec: SSLRecord) = record {
|
|||
######################################################################
|
||||
|
||||
type V2ClientMasterKey(rec: SSLRecord) = record {
|
||||
cipher_kind : uint24;
|
||||
cipher_kind_8 : uint8;
|
||||
cl_key_len : uint16;
|
||||
en_key_len : uint16;
|
||||
key_arg_len : uint16;
|
||||
cl_key_data : bytestring &length = cl_key_len &transient;
|
||||
en_key_data : bytestring &length = en_key_len &transient;
|
||||
key_arg_data : bytestring &length = key_arg_len &transient;
|
||||
} &length = 9 + cl_key_len + en_key_len + key_arg_len, &let {
|
||||
} &length = 7 + cl_key_len + en_key_len + key_arg_len, &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_V2_CL_MASTER_KEY_EXPECTED,
|
||||
$context.connection.transition(STATE_V2_CL_MASTER_KEY_EXPECTED,
|
||||
STATE_CONN_ESTABLISHED, rec.is_orig, true) ||
|
||||
$context.analyzer.lost_track();
|
||||
$context.connection.lost_track();
|
||||
|
||||
cipher_kind : int = (((rec.head3 << 16) | (rec.head4 << 8)) | cipher_kind_8);
|
||||
};
|
||||
|
||||
|
||||
|
@ -574,9 +597,9 @@ type CertificateVerify(rec: SSLRecord) = record {
|
|||
cont : bytestring &restofdata &transient;
|
||||
} &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_CLIENT_KEY_WITH_CERT,
|
||||
$context.connection.transition(STATE_CLIENT_KEY_WITH_CERT,
|
||||
STATE_CLIENT_CERT_VERIFIED, rec.is_orig, true) ||
|
||||
$context.analyzer.lost_track();
|
||||
$context.connection.lost_track();
|
||||
};
|
||||
|
||||
|
||||
|
@ -595,14 +618,9 @@ type CertificateVerify(rec: SSLRecord) = record {
|
|||
type UnknownHandshake(hs: Handshake, is_orig: bool) = record {
|
||||
cont : bytestring &restofdata &transient;
|
||||
} &let {
|
||||
# TODO: an unknown handshake could just be an encrypted handshake
|
||||
# before a server sends the change cipher spec message.
|
||||
# I have no clue why this happens, but it does seem to happen.
|
||||
# This should be solved in a different way eventually.
|
||||
#state_changed : bool = $context.analyzer.lost_track();
|
||||
state_changed : bool = $context.connection.lost_track();
|
||||
};
|
||||
|
||||
|
||||
type Handshake(rec: SSLRecord) = record {
|
||||
msg_type : uint8;
|
||||
length : uint24;
|
||||
|
@ -618,8 +636,8 @@ type Handshake(rec: SSLRecord) = record {
|
|||
CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify(rec);
|
||||
CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(rec);
|
||||
default -> unknown_handshake : UnknownHandshake(this, rec.is_orig);
|
||||
};
|
||||
} &length = 4 + to_int()(length);
|
||||
} &length = to_int()(length);
|
||||
};
|
||||
|
||||
|
||||
######################################################################
|
||||
|
@ -629,24 +647,30 @@ type Handshake(rec: SSLRecord) = record {
|
|||
type UnknownRecord(rec: SSLRecord) = record {
|
||||
cont : bytestring &restofdata &transient;
|
||||
} &let {
|
||||
state_changed : bool = $context.analyzer.lost_track();
|
||||
state_changed : bool = $context.connection.lost_track();
|
||||
};
|
||||
|
||||
type CiphertextRecord(rec: SSLRecord, is_orig: bool) = empty &let {
|
||||
type CiphertextRecord(rec: SSLRecord, is_orig: bool) = record {
|
||||
cont : bytestring &restofdata &transient;
|
||||
} &let {
|
||||
state_changed : bool =
|
||||
$context.analyzer.transition(STATE_ABBREV_SERVER_ENCRYPTED,
|
||||
STATE_ABBREV_SERVER_FINISHED, rec.is_orig, false) ||
|
||||
$context.analyzer.transition(STATE_CLIENT_ENCRYPTED,
|
||||
$context.connection.transition(STATE_CLIENT_FINISHED,
|
||||
STATE_CLIENT_FINISHED, rec.is_orig, false) ||
|
||||
$context.connection.transition(STATE_CLIENT_FINISHED,
|
||||
STATE_CLIENT_FINISHED, rec.is_orig, true) ||
|
||||
$context.analyzer.transition(STATE_COMM_ENCRYPTED,
|
||||
$context.connection.transition(STATE_ABBREV_SERVER_ENCRYPTED,
|
||||
STATE_ABBREV_SERVER_FINISHED, rec.is_orig, false) ||
|
||||
$context.connection.transition(STATE_CLIENT_ENCRYPTED,
|
||||
STATE_CLIENT_FINISHED, rec.is_orig, true) ||
|
||||
$context.connection.transition(STATE_COMM_ENCRYPTED,
|
||||
STATE_CONN_ESTABLISHED, rec.is_orig, false) ||
|
||||
$context.analyzer.transition(STATE_COMM_ENCRYPTED,
|
||||
$context.connection.transition(STATE_COMM_ENCRYPTED,
|
||||
STATE_CONN_ESTABLISHED, rec.is_orig, true) ||
|
||||
$context.analyzer.transition(STATE_CONN_ESTABLISHED,
|
||||
$context.connection.transition(STATE_CONN_ESTABLISHED,
|
||||
STATE_CONN_ESTABLISHED, rec.is_orig, false) ||
|
||||
$context.analyzer.transition(STATE_CONN_ESTABLISHED,
|
||||
$context.connection.transition(STATE_CONN_ESTABLISHED,
|
||||
STATE_CONN_ESTABLISHED, rec.is_orig, true) ||
|
||||
$context.analyzer.lost_track();
|
||||
$context.connection.lost_track();
|
||||
};
|
||||
|
||||
|
||||
|
@ -663,9 +687,7 @@ type SSLPDU(is_orig: bool) = record {
|
|||
# binpac analyzer for SSL including
|
||||
######################################################################
|
||||
|
||||
analyzer SSLAnalyzer {
|
||||
upflow = SSLFlow(true);
|
||||
downflow = SSLFlow(false);
|
||||
refine connection SSL_Conn += {
|
||||
|
||||
%member{
|
||||
int state_;
|
||||
18
src/ssl.pac
18
src/ssl.pac
|
@ -11,14 +11,20 @@
|
|||
%include bro.pac
|
||||
|
||||
analyzer SSL withcontext {
|
||||
analyzer : SSLAnalyzer;
|
||||
flow : SSLFlow;
|
||||
connection: SSL_Conn;
|
||||
flow: SSL_Flow;
|
||||
};
|
||||
|
||||
connection SSL_Conn(bro_analyzer: BroAnalyzer) {
|
||||
upflow = SSL_Flow(true);
|
||||
downflow = SSL_Flow(false);
|
||||
};
|
||||
|
||||
%include ssl-protocol.pac
|
||||
|
||||
flow SSL_Flow(is_orig: bool) {
|
||||
flowunit = SSLPDU(is_orig) withcontext(connection, this);
|
||||
}
|
||||
|
||||
%include ssl-analyzer.pac
|
||||
%include ssl-defs.pac
|
||||
|
||||
flow SSLFlow(is_orig : bool) {
|
||||
flowunit = SSLPDU(is_orig) withcontext(connection, this);
|
||||
};
|
||||
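Review bot: The new `flow SSL_Flow(is_orig: bool) { ... }` block closes with a bare `}` while the `connection SSL_Conn(bro_analyzer: BroAnalyzer) { ... };` block directly above it and the removed `flow SSLFlow` both terminate with `};`; write `};` on the closing line so the two declarations in this file read the same way. The `withcontext` block now names `connection: SSL_Conn` and `flow: SSL_Flow` before either is declared, which the includes appear to rely on, so a one-line comment above `%include ssl-protocol.pac` noting that the protocol grammar refers to `$context.connection` and must be included after `SSL_Conn` would spare the next reader the ordering question.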
81
src/util.cc
81
src/util.cc
|
@ -26,6 +26,7 @@
|
|||
#include <stdarg.h>
|
||||
#include <errno.h>
|
||||
#include <signal.h>
|
||||
#include <libgen.h>
|
||||
|
||||
#ifdef HAVE_MALLINFO
|
||||
# include <malloc.h>
|
||||
|
@ -881,7 +882,7 @@ const char* bro_prefixes()
|
|||
return p;
|
||||
}
|
||||
|
||||
static const char* PACKAGE_LOADER = "__load__.bro";
|
||||
const char* PACKAGE_LOADER = "__load__.bro";
|
||||
|
||||
// If filename is pointing to a directory that contains a file called
|
||||
// PACKAGE_LOADER, returns the files path. Otherwise returns filename itself.
|
||||
|
@ -915,11 +916,73 @@ FILE* open_file(const char* filename, const char** full_filename, bool load_pkgs
|
|||
return f;
|
||||
}
|
||||
|
||||
// Returns the subpath of BROPATH's policy/ directory in which the loaded
|
||||
// file in located. If it's not under a subpath of policy/ then the full
|
||||
// path is returned, else the subpath of policy/ concatentated with any
|
||||
// directory prefix of the file is returned.
|
||||
void get_policy_subpath(const char* dir, const char* file, const char** subpath)
|
||||
{
|
||||
// first figure out if this is a subpath of policy/
|
||||
const char* ploc = strstr(dir, "policy");
|
||||
if ( ploc )
|
||||
if ( ploc[6] == '\0' )
|
||||
*subpath = copy_string(ploc + 6);
|
||||
else if ( ploc[6] == '/' )
|
||||
*subpath = copy_string(ploc + 7);
|
||||
else
|
||||
*subpath = copy_string(dir);
|
||||
else
|
||||
*subpath = copy_string(dir);
|
||||
|
||||
// and now add any directory parts of the filename
|
||||
char full_filename_buf[1024];
|
||||
safe_snprintf(full_filename_buf, sizeof(full_filename_buf),
|
||||
"%s/%s", dir, file);
|
||||
char* tmp = copy_string(file);
|
||||
const char* fdir = 0;
|
||||
|
||||
if ( is_dir(full_filename_buf) )
|
||||
fdir = file;
|
||||
|
||||
if ( ! fdir )
|
||||
fdir = dirname(tmp);
|
||||
|
||||
if ( ! streq(fdir, ".") )
|
||||
{
|
||||
size_t full_subpath_len = strlen(*subpath) + strlen(fdir) + 1;
|
||||
bool needslash = false;
|
||||
if ( strlen(*subpath) != 0 && (*subpath)[strlen(*subpath) - 1] != '/' )
|
||||
{
|
||||
++full_subpath_len;
|
||||
needslash = true;
|
||||
}
|
||||
|
||||
char* full_subpath = new char[full_subpath_len];
|
||||
strcpy(full_subpath, *subpath);
|
||||
if ( needslash )
|
||||
strcat(full_subpath, "/");
|
||||
strcat(full_subpath, fdir);
|
||||
delete [] *subpath;
|
||||
*subpath = full_subpath;
|
||||
}
|
||||
|
||||
delete [] tmp;
|
||||
}
|
||||
|
||||
FILE* search_for_file(const char* filename, const char* ext,
|
||||
const char** full_filename, bool load_pkgs)
|
||||
const char** full_filename, bool load_pkgs,
|
||||
const char** bropath_subpath)
|
||||
{
|
||||
if ( filename[0] == '/' || filename[0] == '.' )
|
||||
{
|
||||
if ( bropath_subpath )
|
||||
{
|
||||
char* tmp = copy_string(filename);
|
||||
*bropath_subpath = copy_string(dirname(tmp));
|
||||
delete [] tmp;
|
||||
}
|
||||
return open_file(filename, full_filename, load_pkgs);
|
||||
}
|
||||
|
||||
char path[1024], full_filename_buf[1024];
|
||||
safe_strncpy(path, bro_path(), sizeof(path));
|
||||
|
@ -942,18 +1005,32 @@ FILE* search_for_file(const char* filename, const char* ext,
|
|||
"%s/%s.%s", dir_beginning, filename, ext);
|
||||
if ( access(full_filename_buf, R_OK) == 0 &&
|
||||
! is_dir(full_filename_buf) )
|
||||
{
|
||||
if ( bropath_subpath )
|
||||
get_policy_subpath(dir_beginning, filename, bropath_subpath);
|
||||
return open_file(full_filename_buf, full_filename, load_pkgs);
|
||||
}
|
||||
|
||||
safe_snprintf(full_filename_buf, sizeof(full_filename_buf),
|
||||
"%s/%s", dir_beginning, filename);
|
||||
if ( access(full_filename_buf, R_OK) == 0 )
|
||||
{
|
||||
if ( bropath_subpath )
|
||||
get_policy_subpath(dir_beginning, filename, bropath_subpath);
|
||||
return open_file(full_filename_buf, full_filename, load_pkgs);
|
||||
}
|
||||
|
||||
dir_beginning = ++dir_ending;
|
||||
}
|
||||
|
||||
if ( full_filename )
|
||||
*full_filename = copy_string(filename);
|
||||
if ( bropath_subpath )
|
||||
{
|
||||
char* tmp = copy_string(filename);
|
||||
*bropath_subpath = copy_string(dirname(tmp));
|
||||
delete [] tmp;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
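Review bot: `strstr(dir, "policy")` in get_policy_subpath takes the first occurrence of the substring anywhere in `dir` and only inspects the character after it, so a BROPATH entry such as `/home/policy-dev/share/policy` (constructed example) matches at `policy-dev`, falls into the `else` and yields the whole directory, while a component like `/opt/mypolicy` is accepted as a `policy/` root. Add a component-boundary check before the `ploc[6]` tests, e.g. `if ( ploc && ploc != dir && ploc[-1] != '/' ) ploc = 0;`, or search for the last occurrence so a nested match cannot shadow the real directory. Separately, dropping `static` turns `PACKAGE_LOADER` into a writable global pointer; `const char* const PACKAGE_LOADER = "__load__.bro";` keeps it read-only for whatever header now exposes it. Both `*bropath_subpath` and `*full_filename` are `new[]`-allocated even on the not-found path at the end of search_for_file, which the function's comment should state so callers know to `delete []` them.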
|
@ -189,8 +189,9 @@ extern int int_list_cmp(const void* v1, const void* v2);
|
|||
|
||||
extern const char* bro_path();
|
||||
extern const char* bro_prefixes();
|
||||
void get_policy_subpath(const char* dir, const char* file, const char** subpath);
|
||||
extern FILE* search_for_file(const char* filename, const char* ext,
|
||||
const char** full_filename, bool load_pkgs);
|
||||
const char** full_filename, bool load_pkgs, const char** bropath_subpath);
|
||||
|
||||
// Renames the given file to a new temporary name, and opens a new file with
|
||||
// the original name. Returns new file or NULL on error. Inits rotate_info if
|
||||
|
|
|
@ -29,7 +29,7 @@ each of "columns", "event", "filter" depending on exactly what it's doing.
|
|||
|
||||
:Author: Jon Siwek <jsiwek@ncsa.illinois.edu>
|
||||
|
||||
:Imports: :doc:`notice </policy/notice>`
|
||||
:Imports: :doc:`frameworks/notice </policy/frameworks/notice/index>`
|
||||
|
||||
Summary
|
||||
~~~~~~~
|
||||