[Bro] SSL Question
johanna at icir.org
Wed Jun 8 19:45:30 PDT 2016
The server message sent to the client, including p, g, and Ys is
available in the event ssl_dh_server_params:
I hope this helps,
On 8 Jun 2016, at 19:33, Ben Mixon-Baca wrote:
> I am trying to determine if the prime being used is from apache's
> mod_ssl. I didn't know if it was possible to use some field available
> the Cert record or another record to determine the prime implicitly
> since they are public.
> On 06/08/2016 07:01 PM, Slagell, Adam J wrote:
>> I don’t think you mean to ask what you are asking. In regular DH
>> over a finite field, the prime that determines the group is not even
>> secret or terribly interesting.
>> Stepping back a bit, what are you trying to accomplish?
>>> On Jun 8, 2016, at 8:53 PM, Ben Mixon-Baca <bmixonb1 at cs.unm.edu>
>>> Does Bro make the server's prime it sent to a client in the diffie
>>> hellman key exchange visible?
>>> For example, if a client on my network is talking to an apache
>>> would I be able to print the prime the server sends to the client?
>>> Bro mailing list
>>> bro at bro-ids.org
>> Adam J. Slagell
>> Chief Information Security Officer
>> Director, Cybersecurity Division
>> National Center for Supercomputing Applications
>> University of Illinois at Urbana-Champaign
>> "Under the Illinois Freedom of Information Act (FOIA), any written
>> communication to or from University employees regarding University
>> business is a public record and may be subject to public disclosure."
> Bro mailing list
> bro at bro-ids.org
More information about the Bro