[Bro] SSL Question

Ben Mixon-Baca bmixonb1 at cs.unm.edu
Wed Jun 8 19:49:10 PDT 2016 

Maybe a better question is, are the parameters negotiated in the client
and server hello available directly in Bro through the SSL::Info record,
X509::Info record, or some other record? Or are the not directly available?

I am trying to determine if a specific prime is being used.

On 06/08/2016 07:33 PM, Ben Mixon-Baca wrote:
> I am trying to determine if the prime being used is from apache's
> mod_ssl. I didn't know if it was possible to use some field available in
> the Cert record or another record to determine the prime implicitly
> since they are public.
> 
> On 06/08/2016 07:01 PM, Slagell, Adam J wrote:
>> I don’t think you mean to ask what you are asking. In regular DH over a finite field, the prime that determines the group is not even secret or terribly interesting.
>>
>> Stepping back a bit, what are you trying to accomplish?
>>
>> :Adam
>>> On Jun 8, 2016, at 8:53 PM, Ben Mixon-Baca <bmixonb1 at cs.unm.edu> wrote:
>>>
>>> Does Bro make the server's prime it sent to a client in the diffie
>>> hellman key exchange visible?
>>>
>>> For example, if a client on my network is talking to an apache server,
>>> would I be able to print the prime the server sends to the client?
>>> -- 
>>> Ben
>>>
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>> ------
>>
>> Adam J. Slagell
>> Chief Information Security Officer
>> Director, Cybersecurity Division
>> National Center for Supercomputing Applications
>> University of Illinois at Urbana-Champaign
>> www.slagell.info
>>
>> "Under the Illinois Freedom of Information Act (FOIA), any written communication to or from University employees regarding University business is a public record and may be subject to public disclosure." 
>>
>>
>>
>>
>>
>>
>>
>>
> 
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 

-- 
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160608/289abeeb/attachment.bin

More information about the Bro mailing list