[Bro] SSL Question
bmixonb1 at cs.unm.edu
Wed Jun 8 19:49:10 PDT 2016
Maybe a better question is, are the parameters negotiated in the client
and server hello available directly in Bro through the SSL::Info record,
X509::Info record, or some other record? Or are the not directly available?
I am trying to determine if a specific prime is being used.
On 06/08/2016 07:33 PM, Ben Mixon-Baca wrote:
> I am trying to determine if the prime being used is from apache's
> mod_ssl. I didn't know if it was possible to use some field available in
> the Cert record or another record to determine the prime implicitly
> since they are public.
> On 06/08/2016 07:01 PM, Slagell, Adam J wrote:
>> I don’t think you mean to ask what you are asking. In regular DH over a finite field, the prime that determines the group is not even secret or terribly interesting.
>> Stepping back a bit, what are you trying to accomplish?
>>> On Jun 8, 2016, at 8:53 PM, Ben Mixon-Baca <bmixonb1 at cs.unm.edu> wrote:
>>> Does Bro make the server's prime it sent to a client in the diffie
>>> hellman key exchange visible?
>>> For example, if a client on my network is talking to an apache server,
>>> would I be able to print the prime the server sends to the client?
>>> Bro mailing list
>>> bro at bro-ids.org
>> Adam J. Slagell
>> Chief Information Security Officer
>> Director, Cybersecurity Division
>> National Center for Supercomputing Applications
>> University of Illinois at Urbana-Champaign
>> "Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure."
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: OpenPGP digital signature
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160608/289abeeb/attachment.bin
More information about the Bro