[Bro] (no subject)
Michal Purzynski
michal at rsbac.org
Tue Nov 25 11:49:57 PST 2014
Well, that's an interesting story, completely off topic ;-)
Anyway, I found the bug: I had the constant redefined somewhere else.
Consts that you can redef are funny sometimes.
On 25/11/14 19:33, Zach Holt wrote:
> Hi Michał,
>
> The standard set by the Certification Authority/Browser (CA/B) Forum
> required that SSL certificates issued after January 1, 2014 must have
> a key length of at least 2048-bits. So while some 1024-bit SSL certs
> may still be valid if they were issued before that date, they are not
> up to current standards and are quickly becoming deprecated.
> Additionally, given the overlap with the SHA-1 phaseout and browser security
> warnings in the upcoming months, I expect most 1024-bit SSL certs will
> be killed off quickly.
>
> Hope this helps,
> Zach
>
> Zachary Holt
> Information Security Office
> Carnegie Mellon University
>
>
>
> On Nov 25, 2014, at 12:58 PM, Michał Purzyński
> <michalpurzynski1 at gmail.com> wrote:
>
>> Hi.
>>
>>
>> A script that is a slightly modified version of what's shipped with
>> Bro gives me interesting results.
>>
>> The script source
>>
>> http://michal.pastebin.mozilla.org/7542181
>>
>> Take a look at lines
>>
>> 1.
>> local key_length = cert$key_length;
>> 2.
>> 3.
>> if ( key_length < notify_minimal_key_length )
>> 4.
>> NOTICE([$note=Weak_Key,
>>
>>
>>
>> I can see (in notice.log) warnings about a host using a 1024-bit
>> certificate. Well, the minimal acceptable length is set to 1024, so I
>> should not get any warnings.
>>
>>
>> notice.log
>>
>>
>> 1416937779.196106	CoZK6Z1Y61rsevYSCd	63.245.221.32	34715	10.22.72.139	13000	-	-	-	tcp	SSL::Weak_Key	Host uses weak certificate with 1024 bit key	-	63.245.221.32	10.22.72.139	13000	-	nsm7-eth4-6	Notice::ACTION_LOG	86400.000000	F
>>
>>
>>
>> The ssl.log and x509.log show that the connection was over SSL, and
>> the certificate is 1024 bit.
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
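The redef trap Michał describes is easy to reproduce. The script below is an added example written for this thread; it is neither Michał's pastebin script nor the weak-keys policy shipped with Bro, although it follows the same shape (a `&redef` constant, `ssl_established`, and `cert$key_length` from the parsed X509 record). The `bro_init()` handler is the check worth keeping: it prints the value of `SSL::notify_minimal_key_length` that is actually in effect after every loaded script has had its say, so a stray `redef` in another file shows up at startup rather than in notice.log.

```bro
# Added example, not the script from the thread and not Bro's own policy.
@load base/protocols/ssl
@load base/files/x509
@load base/frameworks/notice

module SSL;

export {
	redef enum Notice::Type += {
		## A server certificate with a key shorter than the threshold was seen.
		Weak_Key,
	};

	## Smallest key length (in bits) that does not raise a notice.
	## &redef lets any script loaded later change this value.
	const notify_minimal_key_length = 1024 &redef;
}

# Report the effective threshold once all scripts are loaded. If a redef
# somewhere else raised it, this line is the quickest way to notice.
event bro_init()
	{
	print fmt("SSL::notify_minimal_key_length in effect: %d", notify_minimal_key_length);
	}

event ssl_established(c: connection) &priority=3
	{
	# Only act when the server sent a certificate that Bro could parse.
	if ( ! c$ssl?$cert_chain || |c$ssl$cert_chain| < 1 ||
	     ! c$ssl$cert_chain[0]?$x509 )
		return;

	local cert = c$ssl$cert_chain[0]$x509$certificate;

	# The comparison uses the *effective* value of the constant, so a
	# 1024-bit key is only flagged when the threshold is above 1024.
	if ( cert?$key_length && cert$key_length < notify_minimal_key_length )
		NOTICE([$note=Weak_Key,
		        $msg=fmt("Host uses weak certificate with %d bit key", cert$key_length),
		        $conn=c,
		        $identifier=cat(c$id$resp_h, c$id$resp_p, cert$key_length)]);
	}

# --- Assumed to live in a second file that is loaded later (e.g. local.bro) ---
# This one line is enough to turn every 1024-bit certificate into a Weak_Key
# notice, even though the module above says 1024 is acceptable:
#
#   redef SSL::notify_minimal_key_length = 2048;
#
# With that redef present, the bro_init() line above prints 2048, which is
# exactly the situation behind the surprising notices in this thread.
```

The point of putting the threshold into `bro_init()` output rather than only into the notice message is that the notice only tells you what key length was seen, not what it was compared against; the startup line tells you the comparison value before any traffic arrives.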