[Oisf-devel] [PATCH] Add TLS handshake decoder v2 0/3
Pierre Chifflier
pierre.chifflier at ssi.gouv.fr
Fri Nov 4 17:18:43 UTC 2011
Hi,
Here is the v2 of the TLS handshake decode patches.
Changes since v1:
- coding style, renaming variable names to lowercase and fixing #ifdef guards
- renaming files for consistency
- remove warnings from the parser
- use strlcpy instead of strncpy
- use SCStrdup instead of strdup
-----
These patches add some support for extracting information from
the TLS handshake. The patches are based on the current master branch.
The goal is to be able to read the certificates and extract a few
keywords. This gives a few opportunities:
- using some kind of hash function, it's possible to test if a known
certificate for a site changes,
- we can define some keywords on TLS records, for ex. extract the chosen
cipher for the session. I'm intending to use this to be sure the server
or the client are not trying to do some kind of downgrade attack with a
weak cipher
- we can have some keywords on TLS certificates, to match some subjects
etc.
See http://article.gmane.org/gmane.comp.security.ids.oisf.devel/775 for
details.
Regards,
Pierre Chifflier
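
The cipher check described in the message above, as an added example that is not code from the patch series: it reads the suite chosen in a ServerHello at the start of a TLS record and tests it against a weak-suite list. The names `server_hello_suite`, `is_weak_suite` and `sample_hello` are hypothetical, and the weak-suite list is an illustrative policy.

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative policy (an assumption, not from the patches). */
static const uint16_t weak_suites[] = {
    0x0000, 0x0001, 0x0002,   /* NULL encryption */
    0x0003, 0x0006, 0x0008,   /* EXPORT-grade, 40-bit keys */
    0x0009,                   /* single DES */
};

int is_weak_suite(uint16_t suite)
{
    for (size_t i = 0; i < sizeof(weak_suites) / sizeof(weak_suites[0]); i++)
        if (weak_suites[i] == suite)
            return 1;
    return 0;
}

/* Extract the suite chosen in a ServerHello that starts a TLS record.
 * Returns 0 and sets *suite, or -1 if the buffer is not a complete,
 * well-formed ServerHello. Every length is validated before use. */
int server_hello_suite(const uint8_t *buf, size_t len, uint16_t *suite)
{
    /* record type 0x16 = handshake, message type 0x02 = ServerHello */
    if (len < 9 || buf[0] != 0x16 || buf[5] != 0x02)
        return -1;
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    size_t hs_len = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (rec_len > len - 5 || rec_len < 4 || hs_len > rec_len - 4 || hs_len < 35)
        return -1;
    /* body: version(2) random(32) sid_len(1) sid(0..32) suite(2) compression(1) */
    size_t sid_len = buf[9 + 34];
    if (sid_len > 32 || hs_len < 35 + sid_len + 3)
        return -1;
    *suite = (uint16_t)((buf[44 + sid_len] << 8) | buf[45 + sid_len]);
    return 0;
}

/* Constructed sample: TLS 1.0 ServerHello, all-zero random, empty
 * session id, chosen suite 0x0003 (TLS_RSA_EXPORT_WITH_RC4_40_MD5). */
const uint8_t sample_hello[47] = {
    0x16, 0x03, 0x01, 0x00, 0x2a,     /* record header, length 42 */
    0x02, 0x00, 0x00, 0x26,           /* ServerHello, length 38 */
    0x03, 0x01,                       /* server_version */
    [43] = 0x00, 0x00, 0x03, 0x00,    /* sid_len, suite, compression */
};
```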