[Bro] Fwd: Logging an SSL Certificate

Alvin Huang alvinh999 at gmail.com
Thu Jul 28 06:30:49 PDT 2011

Hey guys,

I was just wondering if there was a way to log the SSL certificates from an
SSL handshake. I want to log these so that I can check the signer
specifically and check their authenticity. I have been working in Snort IDS
but I haven't been able to get this to work so I am going to try Bro if it
is possible here instead. The main problems I run into on Snort is the TCP
packets not reassembling and figuring out what content match to look for in
the rules (although I can look through Wireshark and pull something out to
try easily). Is this possible in Bro? Someone told me it would be available
out of box on Bro so I am seriously considering this.

Thanks in advance,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20110728/e7d557e3/attachment.html 

More information about the Bro mailing list