mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
e58b03a43f
The added disable-certificate-events-known-certs.zeek disables repeated X509 events in SSL connections, given that the connection terminates at the same server and used the samt SNI as a previously seen connection with the same certificate. For people that see significant amounts of TLS 1.2 traffic, this could reduce the amount of raised events significantly - especially when a lot of connections are repeat connections to the same servers. The practical impact of not raising these events is actually very little - unless a script directly interacts with the x509 events, everything works as before - the x509 variables in the connection records are still being set (from the cache). |
||
|---|---|---|
| .. | ||
| extract | ||
| hash | ||
| pe | ||
| x509 | ||