TLS logging for session resumption 1.3 #2562
We assume session resumption has occurred if the Client Hello message included a session id, we have not seen the server certificate, but we have seen a Change Cipher Spec message from the server. Previously, these transactions were not logged at all because the server cert was never seen. https://redmine.openinfosecfoundation.org/issues/1969
@thus I'll consider this once you sign off on it
@inliniac: It looks good to me.
I missed this previously: as an EVE option is added we'll need an update to the docs as well.
https://github.com/inliniac/suricata/blob/master/doc/userguide/output/eve/eve-json-format.rst should be updated, but it should probably wait until https://github.com/inliniac/suricata/pull/2568/files#diff-7823d9d82df45a9858e8925a6259022e is merged (or a newer version of it)
@inliniac To clarify, should I resubmit this PR with the requested doc updates?
On 20-02-17 19:26, Ray Ruvinskiy wrote:
> @inliniac <https://github.com/inliniac> To clarify, should I resubmit
> this PR with the requested doc updates?

Yes please! Thanks!
Per your suggestion, I'll resubmit after #2580 or its successor is merged. Thanks!
Replaced by #2602
Replaces #2555