mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00

The original logic stopped decrypting any INITIAL packets after the first. The Firefox/Cloudflare pcaps actually show that the server replies with a QUIC INITIAL packet containing just ACK frames and no CRYPTO frames. Only the second QUIC INITIAL packet from the server then contains the CRYPTO frames. There's no good reason to stop decryption attempts: either we succeed down the road and then stop, or we fail and raise analyzer violations.
11 lines
727 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 82.239.54.117 44174 250.58.23.113 443 TLSv13 TLS_AES_128_GCM_SHA256 x25519 blog.cloudflare.com F - - F Cs - - -
#close XXXX-XX-XX-XX-XX-XX