Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing/btest/Baseline/scripts.policy.protocols.ssl.ssl-log-ext/ssl-all.log
Johanna Amann a6edbf8bcd Fix parsing of version field in SSLv2 client hello 
It turns out that, for probably a long time, we have reported an
incorrect version when parsing an SSLv2 client hello. We always reported
this as SSLv2, no matter which version the client hello actually
contained.

This bug probably went unnoticed for a long time, as SSLv2 is
essentially unused nowadays, and as this field does not show up in the
default logs.

This was found due to a baseline difference when writing the Spicy SSL
analyzer.
2024-08-22 13:14:24 +01:00

83 lines
12 KiB
Text
Raw Blame History

### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 62277 162.219.2.166 443 TLSv12 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - - F - - T CsxknGIti b706ad178447821cc60aca1e0cd59697333a6178fd1c73f839fbdfb5b76bc507,cb2db573610f401e8d602917bbbe6ab4162255f208efad909d5440691aa0203c (empty) - 771 771 136,255 35,13,15 65281,35,15 300 1024 - - - - - - - - 1,0 1,2,3,1,2,3,1,2,3,1,2,3,1,2,3 6,6,6,5,5,5,4,4,4,3,3,3,2,2,2
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.18.50 56981 74.125.239.97 443 TLSv12 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T CsxknGIti a97a22b691caf62c1623d14abf8a31ac915f14d87f77d8a37c47eb4785b484ad,a047a37fa2d2e118a4f5095fe074d6cfe0e352425a7632bf8659c03919a6c81d,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 (empty) - 771 771 49172,255 11,10,35,13,15 65281,11,35 100800 - 0,1,2 14,13,25,11,12,24,9,10,22,23,8,6,7,20,21,4,5,18,19,1,2,3,15,16,17 - - - - - - 1,0 1,2,3,1,2,3,1,2,3,1,2,3,1,2,3 6,6,6,5,5,5,4,4,4,3,3,3,2,2,2
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.187.164 58868 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T CsxnGIi ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360 (empty) - 769 769 57,56,53,51,50,4,5,47,22,19,65279,10,21,18,65278,9,100,98,3,6 - - - - - - - - - - - - (empty) - -
XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 192.150.187.164 58869 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T CsxnGIi ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360 (empty) - 769 769 57,56,53,51,50,4,5,47,22,19,65279,10,21,18,65278,9,100,98,3,6 - - - - - - - - - - - - 0 - -
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 192.150.187.164 58870 194.127.84.106 443 TLSv10 TLS_RSA_WITH_RC4_128_MD5 - - F - - T CsxnGIi ddd0218a34972ceab3d200b78959bd2b4c95eadf37399df35bfd68a5b658bc78,ba352de8d8faa0ecfdbeee560fa308fe192023d3b18d83a68845933bebf28360 (empty) - 769 769 57,56,53,51,50,4,5,47,22,19,65279,10,21,18,65278,9,100,98,3,6 - - - - - - - - - - - - 0 - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 62987 216.58.192.14 443 TLSv11 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA secp256r1 - F - - T CsxknGIti 22a920a5ec03c819b569ed0fa8b7df258e3e7ea11fdd15b83b6fa45f3e863036,9b759d41e3de30f9d2f902027d792b65d950a98bbb6d6d56be7f2528453bf8e9,3c35cc963eb004451323d3275d05b353235053490d9cd83729a2faf5e7ca1cc0 (empty) - 770 770 49172,49162,57,56,55,54,136,135,134,133,49167,49157,53,132,49171,49161,51,50,49,48,154,153,152,151,69,68,67,66,49166,49156,47,150,65,7,49169,49159,49164,49154,5,4,49170,49160,22,19,16,13,49165,49155,10,255 11,10,35,15 65281,35,11 100800 - 0,1,2 23,25,28,27,24,26,22,14,13,11,12,9,10 - - - - - - 1,0 - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.6.86 63721 104.236.167.107 4433 DTLSv10 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA secp256r1 - F - - T CvCsxknGIti 32e63ffcf5111a3a6337aa00d5186f6d475e962e9400a1dd8ad6eb4a3e177964 (empty) - 65279 65279 49172,49162,57,56,55,54,136,135,134,133,49167,49157,53,132,49171,49161,51,50,49,48,154,153,152,151,69,68,67,66,49166,49156,47,150,65,7,49170,49160,22,19,16,13,49165,49155,10,21,18,15,12,9,20,17,14,11,8,6,255 11,10,35,15,11,10,35,15 65281,35,15 0 - 0,1,2 14,13,25,28,11,12,27,24,9,10,26,22,23,8,6,7,20,21,4,5,18,19,1,2,3,15,16,17 - - - - - - 0 - -
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.17.58 60934 165.227.57.17 4400 DTLSv12 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 secp256r1 - F - - T CvCsxknGIti 6f5446a5b23f4e73925de5e6629c09b1c61ed66537d6d8a7818750c9cd0a67d7 (empty) - 65277 65277 49200,49196,49192,49188,49172,49162,165,163,161,159,107,106,105,104,57,56,55,54,136,135,134,133,49202,49198,49194,49190,49167,49157,157,61,53,132,49199,49195,49191,49187,49171,49161,164,162,160,158,103,64,63,62,51,50,49,48,154,153,152,151,69,68,67,66,49201,49197,49193,49189,49166,49156,156,60,47,150,65,7,49170,49160,22,19,16,13,49165,49155,10,255 11,10,35,13,15,11,10,35,13,15 65281,11,35 7200 - 0,1,2 23,25,28,27,24,26,22,14,13,11,12,9,10 - - - - - - 0 1,2,3,1,2,3,1,2,3,1,2,3,1,2,3 6,6,6,5,5,5,4,4,4,3,3,3,2,2,2
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.186.133 43056 192.168.186.134 9090 TLSv13 TLS_AES_256_GCM_SHA384 secp256r1 - F - - T Cs - - - 771 771 4866 51,43,13,11,10,23 51,43 - - 0 25,24,23,21,19,16,256 - 772,771,770 772 - 23 23 0 3,3,3,3,6,11,5,10,4,9,1,1,1,1,1 6,5,4,2,8,8,8,8,8,8,6,5,4,3,2
#close XXXX-XX-XX-XX-XX-XX
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path ssl
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p version cipher curve server_name resumed last_alert next_protocol established ssl_history cert_chain_fps client_cert_chain_fps sni_matches_cert server_version client_version client_ciphers ssl_client_exts ssl_server_exts ticket_lifetime_hint dh_param_size point_formats client_curves orig_alpn client_supported_versions server_supported_version psk_key_exchange_modes client_key_share_groups server_key_share_group client_comp_methods sigalgs hashalgs
#types time string addr port addr port string string string string bool string string bool string vector[string] vector[string] bool count count vector[count] vector[count] vector[count] count count vector[count] vector[count] vector[string] vector[count] count vector[count] vector[count] count vector[count] vector[count] vector[count]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.86.23 63449 52.32.149.186 443 TLSv13-draft23 TLS_AES_128_GCM_SHA256 x25519 tls13.crypto.mozilla.org F - - T CsiI - - - 771 771 39578,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53,10 19018,65281,0,23,35,13,5,18,16,30032,11,51,45,43,10,24,31354,21 51,43 - - 0 39578,29,23,24 h2,http/1.1 56026,32535,771,770,769 32535 1 39578,29 29 0 3,4,1,3,5,1,6,1,1 4,8,4,5,8,5,8,6,2
#close XXXX-XX-XX-XX-XX-XX
Reference in a new issue View git blame Copy permalink