[Bro] SSL Question

Ben Mixon-Baca bmixonb1 at cs.unm.edu
Wed Jun 8 19:50:43 PDT 2016


Awesome, that is exactly what I was looking for. Sorry if my question
wasn't clear; I only understand DH at a high level, so my terminology
might not have been consistent with convention.

On 06/08/2016 07:45 PM, Johanna Amann wrote:
> The server message sent to the client, including p, g, and Ys is
> available in the event ssl_dh_server_params:
> https://www.bro.org/sphinx/scripts/base/bif/plugins/Bro_SSL.events.bif.bro.html#id-ssl_dh_server_params
> 
> 
> I hope this helps,
>  Johanna
> 
> On 8 Jun 2016, at 19:33, Ben Mixon-Baca wrote:
> 
>> I am trying to determine if the prime being used is from Apache's
>> mod_ssl. I didn't know if it was possible to use some field available in
>> the Cert record or another record to determine the prime implicitly
>> since they are public.
>>
>> On 06/08/2016 07:01 PM, Slagell, Adam J wrote:
>>> I don’t think you mean to ask what you are asking. In regular DH over
>>> a finite field, the prime that determines the group is not even
>>> secret or terribly interesting.
>>>
>>> Stepping back a bit, what are you trying to accomplish?
>>>
>>> :Adam
>>>> On Jun 8, 2016, at 8:53 PM, Ben Mixon-Baca <bmixonb1 at cs.unm.edu> wrote:
>>>>
>>>> Does Bro make the server's prime it sent to a client in the
>>>> Diffie-Hellman key exchange visible?
>>>>
>>>> For example, if a client on my network is talking to an Apache server,
>>>> would I be able to print the prime the server sends to the client?
>>>> -- 
>>>> Ben
>>>>
>>>> _______________________________________________
>>>> Bro mailing list
>>>> bro at bro-ids.org
>>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>
>>> ------
>>>
>>> Adam J. Slagell
>>> Chief Information Security Officer
>>> Director, Cybersecurity Division
>>> National Center for Supercomputing Applications
>>> University of Illinois at Urbana-Champaign
>>> www.slagell.info
>>>
>>> "Under the Illinois Freedom of Information Act (FOIA), any written
>>> communication to or from University employees regarding University
>>> business is a public record and may be subject to public disclosure."
>>>
>>
>> -- 
>> Ben
>>

-- 
Ben
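
The following is an added example, not part of the original thread: a Bro script that handles the `ssl_dh_server_params` event Johanna points to and checks the server's prime against a local list. The module name `DHPrimeWatch`, the table `watched_primes` and its single entry are hypothetical; the entry is a constructed placeholder, not a real mod_ssl prime.

```bro
module DHPrimeWatch;

export {
	## Hex-encoded primes (lowercase, leading zero bytes removed) mapped to a
	## label. The entry below is a constructed placeholder; replace it with
	## the hex encoding of the prime you want to recognise.
	const watched_primes: table[string] of string = {
		["c0ffee"] = "constructed placeholder, not a real prime",
	} &redef;
}

event ssl_dh_server_params(c: connection, p: string, q: string, Ys: string)
	{
	# p, q and Ys arrive as raw big-endian byte strings taken from the
	# ServerKeyExchange message. In the event signature the parameter
	# named q carries the generator g.
	local p_hex = to_lower(bytestring_to_hexstr(p));

	# Drop leading zero bytes so the same prime always yields the same key.
	p_hex = sub(p_hex, /^(00)+/, "");

	local label = p_hex in watched_primes ? watched_primes[p_hex] : "unlisted";

	# Two hex digits per byte, so |p_hex| * 4 is the prime size in bits,
	# counted in whole bytes.
	print fmt("%s server=%s port=%s dh_bits=%d g=%s prime=%s",
	          c$uid, c$id$resp_h, c$id$resp_p, |p_hex| * 4,
	          bytestring_to_hexstr(q), label);
	}
```

Because the table is declared `&redef`, a site policy script can extend it with `redef DHPrimeWatch::watched_primes += { ... };` without editing this file.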
