[Bro] (no subject)

Michal Purzynski michal at rsbac.org
Tue Nov 25 11:49:57 PST 2014


Well that's an interesting story, completely off topic ;-)

Anyway, I found the bug: I had the constant redefined somewhere else.
Consts that you can redef are funny sometimes.

On 25/11/14 19:33, Zach Holt wrote:
> Hi Michał,
>
> The standard set by the Certification Authority/Browser (CA/B) Forum 
> required that SSL certificates issued after January 1, 2014 must have 
> a key length of at least 2048 bits. So while some 1024-bit SSL certs 
> may still be valid if they were issued before that date, they are not 
> up to current standards and are quickly becoming deprecated. 
> Additionally, with the overlap with the SHA-1 phaseout and browser security 
> warnings in the upcoming months, I expect most 1024-bit SSL certs will 
> be killed off quickly.
>
> Hope this helps,
> Zach
>
> Zachary Holt
> Information Security Office
> Carnegie Mellon University
>
>
>
> On Nov 25, 2014, at 12:58 PM, Michał Purzyński 
> <michalpurzynski1 at gmail.com> wrote:
>
>> Hi.
>>
>>
>> A script that is a slightly modified version of what's shipped with 
>> Bro gives me interesting results.
>>
>> The script source
>>
>> http://michal.pastebin.mozilla.org/7542181
>>
>> Take a look at these lines:
>>
>> 1.     local key_length = cert$key_length;
>> 2.
>> 3.             if ( key_length < notify_minimal_key_length )
>> 4.                     NOTICE([$note=Weak_Key,
>>
>>
>>
>> I can see (in notice.log) warnings about a host using a 1024-bit 
>> certificate. Well, the minimal acceptable length is set to 1024, so I 
>> should not get any warnings.
>>
>>
>> notice.log
>>
>>
>> 1416937779.196106  CoZK6Z1Y61rsevYSCd  63.245.221.32  34715  10.22.72.139  13000  -  -  -  tcp  SSL::Weak_Key  Host uses weak certificate with 1024 bit key  -  63.245.221.32  10.22.72.139  13000  -  nsm7-eth4-6  Notice::ACTION_LOG  86400.000000  F
>>
>>
>>
>> The ssl.log and x509.log show that the connection was over SSL, and 
>> the certificate is 1024 bit.
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
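The failure mode Michał describes is a property of `&redef` constants: whichever `redef` is loaded last sets the value, so a stray redefinition in some other loaded script silently moves the threshold that the key-length check compares against. The script below is an added example modelled on that check; it is neither the pastebin script from the thread nor Bro's own weak-keys.bro. The module name `WeakKeyDemo`, the constant name `minimal_key_length` and the `bro_init` print are assumptions made for the example.

```bro
# Added example (not the thread's script): a minimal weak-key check
# whose threshold is a redef-able constant, plus a start-up print that
# reveals which value is actually in effect after all scripts are loaded.
module WeakKeyDemo;

export {
	redef enum Notice::Type += {
		## Raised when the server certificate's key is shorter than the threshold.
		Weak_Key,
	};

	## Minimum acceptable key length in bits. Because this is declared
	## &redef, any later "redef WeakKeyDemo::minimal_key_length = ...;"
	## in a loaded script replaces it; the last one loaded wins.
	const minimal_key_length = 1024 &redef;
}

# Print the effective threshold once loading is complete, so a redef
# hidden in another script shows up immediately on stdout.
event bro_init()
	{
	print fmt("effective WeakKeyDemo::minimal_key_length = %d", minimal_key_length);
	}

event ssl_established(c: connection)
	{
	# Nothing to check if no server certificate was parsed for this connection.
	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| == 0 ||
	     ! c$ssl$cert_chain[0]?$x509 )
		return;

	local cert = c$ssl$cert_chain[0]$x509$certificate;

	# EC keys are short by design; only compare RSA/DSA key lengths.
	if ( ! cert?$key_length || ! cert?$key_type || cert$key_type == "ecdsa" )
		return;

	if ( cert$key_length < minimal_key_length )
		NOTICE([$note=Weak_Key,
		        $msg=fmt("Host uses weak certificate with %d bit key (threshold %d)",
		                 cert$key_length, minimal_key_length),
		        $conn=c,
		        $identifier=cat(c$ssl$cert_chain[0]$fuid, c$id$resp_h, c$id$resp_p)]);
	}
```

To see the effect the thread is about, load this script together with a second file that contains only `redef WeakKeyDemo::minimal_key_length = 2048;`: the check now fires for 1024-bit certificates even though this file still says 1024, and the `bro_init` line reports 2048. Putting the threshold into the notice message, as above, makes the same mismatch visible in notice.log itself.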
