mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 02:28:21 +00:00

Now we only parse the SignatureAndHashalgorithm field in cases where it is present. This change also takes care to respect SCTs, which do include the SignatureAndHashalgorithm in their digitally-signed struct, even when used in protocol versions that do not have the SignatureAndHashalgorithm in the protocol's digitally-signed struct. I also added tests to make sure this does indeed work with TLS 1.1 - it turns out that so far we did not have a single TLS 1.1 pcap.
10 lines
763 B
Text
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open 2017-11-30-19-59-22
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established cert_chain_fuids client_cert_chain_fuids subject issuer client_subject client_issuer
#types time string addr port addr port string string string string bool string string bool vector[string] vector[string] string string string string
1512070268.983215 CHhAvVGS1DHFjwGM9 192.168.17.58 60934 165.227.57.17 4400 DTLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T Fox0Fc3MY8kLKfhNK6 (empty) O=Internet Widgits Pty Ltd,ST=Some-State,C=AU O=Internet Widgits Pty Ltd,ST=Some-State,C=AU - -
#close 2017-11-30-19-59-22
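The version-dependent parsing that the commit message describes, as an added Python example that is not Zeek's own analyzer code. The function names and sample byte strings are constructed for illustration; the layout assumed is the TLS 1.2 digitally-signed definition (two algorithm bytes, then a 16-bit length-prefixed signature), which RFC 6962 SCTs use regardless of the connection's version.

```python
import struct

# Wire versions. DTLS versions count downward: 0xFEFF is DTLS 1.0, 0xFEFD is DTLS 1.2.
TLS10, TLS11, TLS12 = 0x0301, 0x0302, 0x0303
DTLS10, DTLS12 = 0xFEFF, 0xFEFD

def has_sig_and_hash(version, in_sct=False):
    """True when digitally-signed starts with SignatureAndHashAlgorithm."""
    if in_sct:                    # SCTs always carry the two algorithm bytes
        return True
    if version >> 8 == 0xFE:      # DTLS: a smaller value is a newer version
        return version <= DTLS12
    return version >= TLS12

def parse_digitally_signed(buf, version, in_sct=False):
    """Return (hash_alg, sig_alg, signature, consumed); algs are None if absent."""
    off, hash_alg, sig_alg = 0, None, None
    if has_sig_and_hash(version, in_sct):
        if len(buf) < 2:
            raise ValueError("truncated SignatureAndHashAlgorithm")
        hash_alg, sig_alg = buf[0], buf[1]
        off = 2
    if len(buf) < off + 2:
        raise ValueError("truncated signature length")
    (sig_len,) = struct.unpack_from("!H", buf, off)
    off += 2
    if len(buf) < off + sig_len:
        raise ValueError("signature length exceeds remaining bytes")
    return hash_alg, sig_alg, buf[off:off + sig_len], off + sig_len

# Constructed samples: a 4-byte dummy signature in both layouts.
SIG = b"\xaa" * 4
TLS12_SAMPLE = bytes([4, 1]) + struct.pack("!H", len(SIG)) + SIG  # sha256(4), rsa(1)
TLS11_SAMPLE = struct.pack("!H", len(SIG)) + SIG                  # no algorithm bytes

def misparse_tls11_as_tls12():
    """Reading the TLS 1.1 layout with the TLS 1.2 rule shifts every field by two bytes."""
    try:
        return parse_digitally_signed(TLS11_SAMPLE, TLS12)
    except ValueError as exc:
        return str(exc)

if __name__ == "__main__":
    print(parse_digitally_signed(TLS12_SAMPLE, TLS12))
    print(parse_digitally_signed(TLS11_SAMPLE, TLS11))
    print(parse_digitally_signed(TLS12_SAMPLE, TLS11, in_sct=True))
    print(misparse_tls11_as_tls12())
```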