Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/Baseline/scripts.base.protocols.ssl.tls1_1/ssl.log
Johanna Amann 94f55532f2 Make parsing of ServerKeyExchange work for D(TLS) < 1.2. 
Now we only parse the SignatureAndHashalgorithm field in cases where it
is present. This change also takes care to respect SCTs, which do
include the SignatureAndHashalgorithm in their digitally-signed struct,
even when used in protocol versions that do not have the
SignatureAndHashalgorithm in the protocols digitally-signed struct.

I also added tests to make sure this does indeed work with TLS 1.1 - it
turns out that so far we did not have a single TLS 1.1 pcap.
2017-11-30 12:20:45 -08:00

10 lines
818 B
Text
Raw Blame History

#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open 2017-11-30-20-08-27
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
1512072318.429417 CHhAvVGS1DHFjwGM9 192.168.17.58 62987 216.58.192.14 443 TLSv11 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA secp256r1 - F - - T F1uIRd10FHM79akjJ1,FBy2pg1ix88ibHSEEf,FlfUEZ3rbay3xxsd9i (empty) CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US CN=Google Internet Authority G2,O=Google Inc,C=US - -
#close 2017-11-30-20-08-27
Reference in a new issue View git blame Copy permalink