Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 23:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
19634 commits 384 branches 195 tags 258 MiB
Commit graph

61 commits

Author SHA1 Message Date
Johanna Amann
cd21b7f130 Fix x509 analyzer to correctly return ecdsa as the key_type for ecdsa certs. 
Returned dsa so far.

Bug found by Michał Purzyński
 2014-11-25 11:18:07 -08:00
Johanna Amann
8f1cbb8b0a Fix ocsp reply validation - there were a few things that definitely were wrong. 
Now the right signer certificate for the reply is looked up (and no longer assumed that it is the first one) and a few compares are fixed. Plus - there are more test cases that partially send certificates in the ocsp message and partially do not - and it seems to work fine in all cases.

Addresses BIT-1212
 2014-09-04 12:22:55 -07:00
Bernhard Amann
388b8f92ec add starttls support for pop3 2014-05-15 10:25:21 -07:00
Bernhard Amann
6bc914458b Add smtp starttls support 2014-05-15 09:59:43 -07:00
Bernhard Amann
f0b244b8b0 Add new features from other branch to the heartbleed-detector (and clean them up). 
We should now quite reliably detect scans/attacks, even when encrypted and not succesful.
 2014-05-14 15:42:27 -07:00
Bernhard Amann
fb56b22cff Add DH support to SSL analyzer. 
When using DHE or DH-Anon, sever key parameters are now available
in scriptland.

Also add script to alert on weak certificate keys or weak dh-params.
 2014-04-26 23:52:51 -07:00
Bernhard Amann
597c373fa0 Log chosen curve when using ec cipher suite in TLS. 2014-04-26 09:48:36 -07:00
Bernhard Amann
c24629abf4 Add very basic ocsp stapling support. 
This only allows access to the ocsp stapling response data. No verification
or anything else at the moment.
 2014-04-24 12:37:34 -07:00
Bernhard Amann
9b7eb293f1 Add documentation, consts and tests for the new events. 
This also fixes the heartbleed detector to work for encrypted attacks in this
branch again. It stopped working, because the SSL analyzer now successfully detects
established connections, and the scripts usually disable analyzing after that.

(The heartbeat branch should not have been affected)
 2014-04-24 12:05:30 -07:00
Bernhard Amann
5d9fb1631c test for new ssl/tls dpd signature 2014-04-10 14:33:14 -07:00
Bernhard Amann
4da0718511 Finishing touches of the x509 file analyzer. 
Mostly baseline updates and new tests.

addresses BIT-953, BIT-760, BIT-1150
 2014-03-13 15:21:30 -07:00