Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 23:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

At the moment, SSL connections where the ssl_established event does not fire are not logged.

Browse source 
That means that, for example, connections that are terminated with an alert during the
handshake never appear in the ssl.log.

This patch changes this behavior - now all ssl connections that fire any event are logged.

The protocol confirmation of the ssl analyzer is moved to the client_hello instead to
the server hello. Furthermore, an additional field is added to ssl.log, which indicates
if a connection has been established or not (which probably indicates a handshake problem).
This commit is contained in:
Bernhard Amann 2014-03-04 13:58:58 -08:00
parent d6d26a3ea7
commit ea1616bed5
5 changed files with 39 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
testing/btest/scripts/base/protocols/ssl/tls-1.2-handshake-failure.test Normal file
View file

@ -0,0 +1,2 @@
# @TEST-EXEC: bro -r $TRACES/tls-1.2-handshake-failure.trace %INPUT
# @TEST-EXEC: btest-diff ssl.log