Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

TLS decryption: remove payload from ssl_encrypted_data again.

Browse source 
There is no reason to make the payload available in the event - it is
still encrypted.
This commit is contained in:
Johanna Amann 2021-10-19 17:28:59 +02:00
parent eabb6eb743
commit fe4e06e8ca
8 changed files with 7 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/policy/protocols/ssl/decryption.zeek
View file

@ -77,7 +77,7 @@ event ssl_client_hello(c: connection, version: count, record_version: count, pos
}
}
event ssl_encrypted_data(c: connection, is_orig: bool, record_version: count, content_type: count, length: count, payload: string)
event ssl_encrypted_data(c: connection, is_orig: bool, record_version: count, content_type: count, length: count)
{
if ( c$ssl?$client_random )
{