[Bro] (no subject)

Michał Purzyński michalpurzynski1 at gmail.com
Tue Nov 25 09:58:21 PST 2014


A script that is a slightly modified version of what's shipped with Bro
gives me interesting results.

The script source


Take a look at lines

   local key_length = cert$key_length;
   if ( key_length < notify_minimal_key_length )
           NOTICE([$note=Weak_Key,

I can see (in notice.log) warnings about a host using a 1024-bit certificate.
Well, the minimal acceptable length is set to 1024 so I should not get any


1416937779.196106 CoZK6Z1Y61rsevYSCd 34715 13000
- - - tcp SSL::Weak_Key Host uses weak certificate with 1024 bit key - 13000 - nsm7-eth4-6 Notice::ACTION_LOG
86400.000000 F

The ssl.log and x509.log show that the connection was over SSL, and the
certificate is 1024 bit.
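
An added cross-check, not part of the original post and not Bro's own code: the strict `key_length < notify_minimal_key_length` comparison quoted above, applied offline to x509.log so that the log's recorded key lengths can be compared against a given threshold. The sample log (a subset of x509.log columns with made-up values) and the function name `weak_certs` are assumptions for illustration.

```python
# Constructed sample in Bro's tab-separated log layout; only a subset of the
# real x509.log columns is included, and every value is made up.
SAMPLE_X509_LOG = "\n".join([
    "#separator \\x09",
    "#path\tx509",
    "#fields\tts\tid\tcertificate.subject\tcertificate.key_type\tcertificate.key_length",
    "#types\ttime\tstring\tstring\tstring\tcount",
    "1416937779.100000\tFexample1\tCN=a.example\trsa\t1024",
    "1416937780.200000\tFexample2\tCN=b.example\trsa\t2048",
    "1416937781.300000\tFexample3\tCN=c.example\trsa\t512",
    "1416937782.400000\tFexample4\tCN=d.example\t-\t-",
    "#close\t2014-11-25-10-00-00",
])


def weak_certs(log_text, minimal_key_length):
    """Return (id, subject, key_length) for certificates whose key is
    strictly shorter than minimal_key_length (hypothetical helper that
    mirrors the comparison in the script excerpt)."""
    fields = None
    hits = []
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]   # column names follow the tag
            continue
        if not line or line.startswith("#"):
            continue                         # other header/footer lines
        if fields is None:
            raise ValueError("data row seen before #fields header")
        row = dict(zip(fields, line.split("\t")))
        raw = row.get("certificate.key_length", "-")
        if raw in ("-", "(empty)"):
            continue                         # unset field: nothing to compare
        key_length = int(raw)
        if key_length < minimal_key_length:  # strict: equal length is not weak
            hits.append((row["id"], row["certificate.subject"], key_length))
    return hits


if __name__ == "__main__":
    for threshold in (1024, 2048):
        print(threshold, weak_certs(SAMPLE_X509_LOG, threshold))
```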