diff --git a/src/analyzer/protocol/ssl/spicy/SSL.evt b/src/analyzer/protocol/ssl/spicy/SSL.evt
index 7d93bbccd3..a01180d753 100644
--- a/src/analyzer/protocol/ssl/spicy/SSL.evt
+++ b/src/analyzer/protocol/ssl/spicy/SSL.evt
@@ -17,7 +17,7 @@ on SSL::EllipticCurveList -> event ssl_extension_elliptic_curves($conn, SSL::get
 on SSL::EcPointsFormat_extension -> event ssl_extension_ec_point_formats($conn, SSL::get_direction(sh), self.ec_point_format_list);
-on SSL::ServerNameList -> event ssl_extension_server_name($conn, SSL::get_direction(sh), SSL::convert_server_names(self));
+on SSL::ServerNameList -> event ssl_extension_server_name($conn, SSL::get_direction(sh), self.server_name_list);
 on SSL::NewSessionTicket -> event ssl_session_ticket_handshake($conn, self.ticket_lifetime_hint, self.ticket);
@@ -33,15 +33,15 @@ on SSL::Extension -> event ssl_extension($conn, SSL::get_direction(sh), self.cod
 on SSL::Handshake_message::length -> event ssl_handshake_message($conn, SSL::get_direction(sh), self.msg_type, self.length);
-on SSL::SignatureAlgorithms -> event ssl_extension_signature_algorithm($conn, SSL::get_direction(sh), SSL::convert_signature_algorithms(self));
+on SSL::SignatureAlgorithms -> event ssl_extension_signature_algorithm($conn, SSL::get_direction(sh), self.supported_signature_algorithms_converted);
 on SSL::ServerHelloKeyShare -> event ssl_extension_key_share($conn, SSL::get_direction(sh), vector(self.keyshare.namedgroup,));
 on SSL::HelloRetryRequestKeyShare -> event ssl_extension_key_share($conn, SSL::get_direction(sh), vector(self.namedgroup,));
-on SSL::ClientHelloKeyShare -> event ssl_extension_key_share($conn, SSL::get_direction(sh), SSL::convert_clienthellokeyshare(self));
+on SSL::ClientHelloKeyShare -> event ssl_extension_key_share($conn, SSL::get_direction(sh), self.named_groups);
-on SSL::OfferedPsks -> event ssl_extension_pre_shared_key_client_hello($conn, SSL::get_direction(sh), SSL::convert_identities(self.identities), SSL::convert_binders(self.binders));
+on SSL::OfferedPsks -> event ssl_extension_pre_shared_key_client_hello($conn, SSL::get_direction(sh), self.identities, self.binders);
 on SSL::SelectedPreSharedKeyIdentity -> event ssl_extension_pre_shared_key_server_hello($conn, SSL::get_direction(sh), self.selected_identity);
@@ -62,7 +62,7 @@ on SSL::DhClientKeyExchange -> event ssl_dh_client_params($conn, self.dh_Yc);
 on SSL::RsaClientKeyExchange -> event ssl_rsa_client_pms($conn, self.rsa_pms);
-on SSL::ProtocolNameList -> event ssl_extension_application_layer_protocol_negotiation($conn, SSL::get_direction(sh), SSL::convert_protocol_name_list(self));
+on SSL::ProtocolNameList -> event ssl_extension_application_layer_protocol_negotiation($conn, SSL::get_direction(sh), self.protocol_name_list);
 on SSL::SignedCertificateTimestamp -> event ssl_extension_signed_certificate_timestamp($conn, SSL::get_direction(sh), self.version, self.logid, self.timestamp, tuple(self.digitally_signed_algorithms.hash, self.digitally_signed_algorithms.signature), self.digitally_signed_signature);
@@ -78,7 +78,7 @@ on SSL::Heartbeat -> event ssl_heartbeat($conn, SSL::get_direction(sh), length,
 on SSL::CertificateStatus -> event ssl_stapled_ocsp($conn, $is_orig, self.response);
-on SSL::CertificateRequest if ( SSL::uses_signature_and_hashalgorithm(sh) ) -> event ssl_certificate_request($conn, SSL::get_direction(sh), self.certificate_types, SSL::convert_signature_algorithms(self.supported_signature_algorithms), SSL::convert_certificate_authorities(self));
-on SSL::CertificateRequest if ( ! SSL::uses_signature_and_hashalgorithm(sh) ) -> event ssl_certificate_request($conn, SSL::get_direction(sh), self.certificate_types, SSL::create_empty_sigmature_algorithms(), SSL::convert_certificate_authorities(self));
+on SSL::CertificateRequest if ( SSL::uses_signature_and_hashalgorithm(sh) ) -> event ssl_certificate_request($conn, SSL::get_direction(sh), self.certificate_types, self.supported_signature_algorithms.supported_signature_algorithms_converted, self.certificate_authorities);
+on SSL::CertificateRequest if ( ! SSL::uses_signature_and_hashalgorithm(sh) ) -> event ssl_certificate_request($conn, SSL::get_direction(sh), self.certificate_types, SSL::create_empty_sigmature_algorithms(), self.certificate_authorities);
 on SSL::DirectionCheck::%done if ( self.was_flipped ) -> event ssl_connection_flipped($conn);
diff --git a/src/analyzer/protocol/ssl/spicy/SSL.spicy b/src/analyzer/protocol/ssl/spicy/SSL.spicy
index b0fe8a75d7..6f8534c649 100644
--- a/src/analyzer/protocol/ssl/spicy/SSL.spicy
+++ b/src/analyzer/protocol/ssl/spicy/SSL.spicy
@@ -870,7 +870,7 @@ type CertificateRequest = unit(sh: Share) {
 False -> : bytes &size=0;
 };
 certificate_authorities_len: uint16;
- certificate_authorities: CertificateAuthority[] &size=self.certificate_authorities_len;
+ certificate_authorities: CertificateAuthority[] &size=self.certificate_authorities_len &convert=convert_certificate_authorities($$);
 };
 type CertificateAuthority = unit {
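Review bot: Both rewritten `ssl_certificate_request` rules still call the misspelled helper `SSL::create_empty_sigmature_algorithms()`; since these two lines are being rewritten anyway, renaming it to `create_empty_signature_algorithms` (the definition shows up as hunk context in SSL.spicy near old line 1771) would be cheap now and avoids carrying the typo into the new `_converted`-based style. That call is also the one remaining event-time conversion in this file, and the reason is only implicit: the SSL.spicy hunk below shows a `False -> : bytes &size=0;` branch, presumably the `supported_signature_algorithms` field when `uses_signature_and_hashalgorithm(sh)` is false, so `.supported_signature_algorithms_converted` cannot be reached in that case. A one-line comment above the second rule, e.g. `# supported_signature_algorithms is an empty bytes field here, so no converted vector exists`, would spare the next reader that deduction.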
@@ -1059,8 +1059,8 @@ type PSKBindersList = unit {
 };
 type OfferedPsks = unit(sh: Share) {
- identities: PSKIdentitiesList;
- binders: PSKBindersList;
+ identities: PSKIdentitiesList &convert=convert_identities($$);
+ binders: PSKBindersList &convert=convert_binders($$);
 };
 type PreSharedKey = unit(sh: Share, client_hello: bool) {
@@ -1121,6 +1121,11 @@ type ServerHelloKeyShareChoice = unit(sh: Share, length: uint16) {
 type ClientHelloKeyShare = unit(sh: Share) {
 length: uint16;
 keyshares : KeyShareEntry[] &size=self.length;
+
+ var named_groups: vector;
+ on keyshares {
+ self.named_groups = convert_clienthellokeyshare(self.keyshares);
+ }
 };
 type KeyShare = unit(client_hello: bool, sh: Share, length: uint16) {
@@ -1170,7 +1175,7 @@ type ProtocolName = unit {
 type ProtocolNameList = unit(sh: Share) {
 length: uint16;
- protocol_name_list: ProtocolName[] &size=self.length;
+ protocol_name_list: ProtocolName[] &size=self.length &convert=convert_protocol_name_list($$);
 };
 type ServerName = unit {
@@ -1187,7 +1192,7 @@ type ServerName = unit {
 type ServerNameList = unit(sh: Share) {
 length: uint16;
- server_name_list: ServerName[] &size=self.length;
+ server_name_list: ServerName[] &size=self.length &convert=SSL::convert_server_names($$);
 };
 type EcPointsFormat_extension = unit(sh: Share) {
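Review bot: ClientHelloKeyShare derives `named_groups` through a `var` plus an `on keyshares` field hook, while every other conversion in this commit (OfferedPsks, ProtocolNameList, ServerNameList, CertificateRequest) is expressed as `&convert` on the field itself, so the unit now reads as the odd one out. If `keyshares` has to stay available as raw `KeyShareEntry` values for some other consumer, that deserves a comment above the var, e.g. `# keyshares stays unconverted; named_groups carries the group list handed to ssl_extension_key_share`; otherwise `keyshares : KeyShareEntry[] &size=self.length &convert=convert_clienthellokeyshare($$);` plus passing `self.keyshares` in the .evt rule would match the rest of the change. As rendered here the element type of `var named_groups: vector;` is not visible — presumably `vector<uint16>`, matching the return type of `convert_clienthellokeyshare` in the later hunk — so please confirm it is spelled out in the committed source.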
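Review bot: The ServerNameList conversion is written as `&convert=SSL::convert_server_names($$)` with a module qualifier, whereas the sibling attributes added in this same change (`convert_identities($$)`, `convert_binders($$)`, `convert_protocol_name_list($$)`, `convert_certificate_authorities($$)`) call their helper unqualified; the helpers appear to live in this module (the old signatures referred to `SSL::ServerNameList`), so `&convert=convert_server_names($$)` keeps the file uniform. Separately, after this hunk `self.server_name_list` holds the converted string vector rather than the parsed `ServerName` units, so any hook or .evt rule elsewhere that still reads `.server_name_list` elements as units would no longer compile; the .evt side is updated in this commit, but a quick grep for other readers of that field is worth doing.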
@@ -1200,16 +1205,21 @@ type EllipticCurveList = unit(sh: Share) {
 elliptic_curve_list: uint16[self.length/2]; # when possible - convert to enum
 };
-type SignatureAlgorithms = unit(sh: Share) {
- length: uint16;
- supported_signature_algorithms: SignatureAndHashAlgorithm[] &size=self.length;
-};
-
 type SignatureAndHashAlgorithm = unit {
 hash: uint8; # &convert=HashAlgorithm($$);
 signature: uint8; # &convert=SignatureAlgorithm($$);
 };
+type SignatureAlgorithms = unit(sh: Share) {
+ length: uint16;
+ supported_signature_algorithms: SignatureAndHashAlgorithm[] &size=self.length;
+ var supported_signature_algorithms_converted: vector>;
+
+ on supported_signature_algorithms {
+ self.supported_signature_algorithms_converted = convert_signature_algorithms(self.supported_signature_algorithms);
+ }
+};
+
 type RenegotiationInfo = unit {
 length: uint8;
 renegotiated_connection: bytes &size=self.length;
@@ -1749,18 +1759,18 @@ type SingleCertificate = unit {
 import zeek;
-public function convert_server_names(snl: SSL::ServerNameList) : vector {
+public function convert_server_names(snl: vector) : vector {
 local out: vector;
- for ( i in snl.server_name_list )
+ for ( i in snl )
 out.push_back(i.host_name);
 return out;
 }
-public function convert_signature_algorithms(sa: SSL::SignatureAlgorithms) : vector> {
+public function convert_signature_algorithms(sa: vector) : vector> {
 local out: vector>;
- for ( i in sa.supported_signature_algorithms )
+ for ( i in sa )
 out.push_back(tuple(i.hash, i.signature));
 return out;
@@ -1771,10 +1781,10 @@ public function create_empty_sigmature_algorithms() : vector {
+public function convert_clienthellokeyshare(ks: vector) : vector {
 local out: vector;
- for ( i in ks.keyshares )
+ for ( i in ks )
 out.push_back(i.namedgroup);
 return out;
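Review bot: SignatureAlgorithms uses the same `var` + field-hook construction as ClientHelloKeyShare instead of the `&convert` form used elsewhere in this commit, and the resulting name is awkward at the call sites: the .evt side ends up with `self.supported_signature_algorithms.supported_signature_algorithms_converted` for CertificateRequest. If the raw `SignatureAndHashAlgorithm` units must remain reachable, a shorter var such as `algorithms` (with the matching .evt edits) would read better, and a comment on the var stating that it is the tuple form handed to `ssl_extension_signature_algorithm` would explain why two representations coexist. Moving the unit below SignatureAndHashAlgorithm also turns what is logically a four-line addition into a delete-and-reinsert; if the move is not needed for declaration order, keeping the unit in place would make the intent of the hunk obvious.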
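Review bot: With the .evt rules now reading converted fields directly, `convert_server_names`, `convert_signature_algorithms` and `convert_clienthellokeyshare` no longer need to be reachable from outside SSL.spicy, yet they keep their `public` modifier; unless something outside this file still calls them, dropping `public` (i.e. `function convert_server_names(snl: vector<ServerName>) : vector<string> {`) narrows the module's exposed surface to what is actually used. The same applies to the remaining converters in the next hunk. The generic element types of the new signatures are not visible in this rendering, so please double-check that each parameter type matches the field it is now attached to via `&convert` or hook.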
@@ -1796,16 +1806,16 @@ public function convert_identities(id: SSL::PSKIdentitiesList) : vector {
+public function convert_protocol_name_list(pns: vector) : vector {
 local out: vector;
- for ( i in pns.protocol_name_list )
+ for ( i in pns )
 out.push_back(i.name);
 return out;
 }
-public function convert_certificate_authorities(c: SSL::CertificateRequest) : vector {
+public function convert_certificate_authorities(c: vector) : vector {
 local out: vector;
- for ( i in c.certificate_authorities )
+ for ( i in c )
 out.push_back(i.certificate_authority);
 return out;
 }