[Bro] (no subject)
Michał Purzyński
michalpurzynski1 at gmail.com
Tue Nov 25 09:58:21 PST 2014
Hi.
A script that is a slightly modified version of what's shipped with Bro,
gives me interesting results
The script source
http://michal.pastebin.mozilla.org/7542181
Take a look at lines
1. local key_length = cert$key_length;
2.
3. if ( key_length < notify_minimal_key_length )
4. NOTICE([$note=Weak_Key,
I can see (in notice.log) warnings about host using 1024 bit certificate.
Well, the minimal acceptable length is set to 1024 so I should not get any
warnings.
notice.log
1416937779.196106 CoZK6Z1Y61rsevYSCd 63.245.221.32 34715 10.22.72.139 13000
- - - tcp SSL::Weak_Key Host uses weak certificate with 1024 bit key -
63.245.221.32 10.22.72.139 13000 - nsm7-eth4-6 Notice::ACTION_LOG
86400.000000 F
The ssl.log and x509.log show that the connection was over SSL, and the
certificate is 1024 bit.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20141125/ed614e20/attachment.html
More information about the Bro
mailing list