output-json-tls: don't log as "resumed" without ServerHello

Don't log a session as "resumed" if a ServerHello record has not been
seen. This makes sure that incomplete TLS sessions where the ClientHello
contains a session ticket are not logged as a session resumption.
pull/3488/head
Mats Klepsland 7 years ago
parent 4470b05ae4
commit 814e1624c2

@ -135,6 +135,7 @@ static void JsonTlsLogSessionResumed(json_t *js, SSLState *ssl_state)
been seen, and the session is not TLSv1.3 or later. */ been seen, and the session is not TLSv1.3 or later. */
if ((ssl_state->server_connp.cert0_issuerdn == NULL && if ((ssl_state->server_connp.cert0_issuerdn == NULL &&
ssl_state->server_connp.cert0_subject == NULL) && ssl_state->server_connp.cert0_subject == NULL) &&
(ssl_state->flags & SSL_AL_FLAG_STATE_SERVER_HELLO) &&
((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0)) { ((ssl_state->flags & SSL_AL_FLAG_LOG_WITHOUT_CERT) == 0)) {
json_object_set_new(js, "session_resumed", json_boolean(true)); json_object_set_new(js, "session_resumed", json_boolean(true));
} }
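
Review bot: the comment ending "been seen, and the session is not TLSv1.3 or later." directly above the condition is untouched by this hunk, so it no longer describes the full test now that SSL_AL_FLAG_STATE_SERVER_HELLO is also required; extend it to say that a ServerHello must have been seen before "session_resumed" is set. As a minor style point, the added flag check is a bare truth test while the neighbouring SSL_AL_FLAG_LOG_WITHOUT_CERT check compares explicitly with == 0; writing the new one as != 0 would keep the condition uniform.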
