Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 18:48:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Recognize TLS 1.3 negotiation correctly.

Browse source 
The way in which TLS 1.3 is negotiated was changed slightly in later
revisions of the standard. The final version is only sent in an
extension - while the version field in the server hello still shows TLS
1.2.

This patch makes ssl.log show the correct version again.
This commit is contained in:
Johanna Amann 2018-03-27 14:58:06 -07:00
parent 961f0dfb25
commit f39efd0317
8 changed files with 57 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
testing/btest/Baseline/scripts.base.protocols.ssl.tls13-experiment/ssl.log
View file

@ -3,8 +3,8 @@
#empty_field (empty)
#unset_field -
#path ssl
#open 2017-09-10-05-23-15
#open 2018-03-27-21-54-13
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
1505019126.007778 CHhAvVGS1DHFjwGM9 192.168.0.2 62873 104.196.219.53 443 TLSv12 TLS_AES_128_GCM_SHA256 x25519 tls.ctf.network T - - T - - - - - -
#close 2017-09-10-05-23-16
1505019126.007778 CHhAvVGS1DHFjwGM9 192.168.0.2 62873 104.196.219.53 443 unknown-32257 TLS_AES_128_GCM_SHA256 x25519 tls.ctf.network T - - T - - - - - -
#close 2018-03-27-21-54-13