
This policy script significantly extends the details that are logged about SSL/TLS handshakes. I am a bit tempted to just make this part of the default log - but it does add a bunch of logging overhead for each connection.
# @TEST-EXEC: zeek -b -r $TRACES/tls/dhe.pcap %INPUT
# @TEST-EXEC: cat ssl.log > ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1_1.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_0.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_2.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/tls13_wolfssl.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: zeek -b -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: btest-diff ssl-all.log
# Test the new client and server key exchange events.
# Load the policy script under test. The runs listed at the top of this file
# invoke `zeek -b` (bare mode), so the SSL logging exercised here depends on
# what this @load pulls in; the resulting ssl.log files are concatenated into
# ssl-all.log and compared against the baseline by btest-diff.
# NOTE(review): presumably the extra handshake fields added by ssl-log-ext are
# what the baseline pins - confirm against the baseline file.
# NOTE(review): the comment preceding this statement mentions client and server
# key exchange events, but nothing visible here handles events - confirm that
# comment is still accurate for this test.
@load protocols/ssl/ssl-log-ext