[Bro] Chacha Poly ciphers
James Lay
jlay at slave-tothe-box.net
Wed Jun 22 16:19:05 PDT 2016
FYI:
1466635836.174656 C42BzN1MQAC2spvAZe 192.168.1.101 39389 31.13.76.84 443 TLSv12 unknown-52392 - graph.instagram.com F - h2 T FcMVXF29wZnV4HnQqk,Fc87jcRtH8QGurEX5 (empty) CN=*.instagram.com,O=Instagram LLC,L=Menlo Park,ST=CA,C=US CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US - - ok
"unknown-52392" is chacha-poly1305
Interestingly, this is correctly detected using ssh:
1466634297.341693 Ca8K4v48feChdL1pQg 192.168.1.253 41500 192.168.1.5 22 2 T - SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.7 SSH-2.0-OpenSSH_7.2p2 Debian-5 chacha20-poly1305@openssh.com umac-64-etm@openssh.com none curve25519-sha256@libssh.org ssh-rsa
James
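
An added example, not part of the original post or of Bro itself: a post-processor that resolves "unknown-<n>" cipher values in a tab-separated ssl.log to the ChaCha20-Poly1305 suite names registered in RFC 7905 (52392 is 0xCCA8). The function names are hypothetical, and the sample log is constructed with a reduced set of columns and documentation addresses.

```python
import re

# IANA code points for the ChaCha20-Poly1305 TLS suites (RFC 7905).
CHACHA20_POLY1305_SUITES = {
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCCAA: "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xCCAB: "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",
    0xCCAC: "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
    0xCCAD: "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",
    0xCCAE: "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256",
}
UNKNOWN = re.compile(r"^unknown-(\d+)$")

def resolve_cipher(value):
    """Map 'unknown-<decimal>' to its RFC 7905 name; return anything else unchanged."""
    m = UNKNOWN.match(value)
    return CHACHA20_POLY1305_SUITES.get(int(m.group(1)), value) if m else value

def rewrite_ssl_log(lines):
    """Return (rewritten lines, [(uid, code, name)]) for a tab-separated ssl.log."""
    fields, out, resolved = None, [], []
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]      # column names follow the tag
        elif fields and line and not line.startswith("#"):
            cols = line.split("\t")
            i = fields.index("cipher")
            name = resolve_cipher(cols[i])
            if name != cols[i]:                # an unknown-<n> value was resolved
                code = int(cols[i].split("-")[1])
                resolved.append((cols[fields.index("uid")], f"0x{code:04X}", name))
                cols[i] = name
            line = "\t".join(cols)
        out.append(line)
    return out, resolved

# Constructed sample: reduced-column ssl.log, documentation addresses.
SAMPLE = [
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tversion\tcipher\tserver_name",
    "1466635836.1\tCaaa1\t192.0.2.10\t198.51.100.7\tTLSv12\tunknown-52392\texample.test",
    "1466635837.2\tCbbb2\t192.0.2.10\t198.51.100.8\tTLSv12\tTLS_RSA_WITH_AES_128_GCM_SHA256\texample.test",
    "1466635838.3\tCccc3\t192.0.2.10\t198.51.100.9\tTLSv12\tunknown-60000\texample.test",
]

if __name__ == "__main__":
    rewritten, hits = rewrite_ssl_log(SAMPLE)
    print("\n".join(rewritten))
    print(hits)
```

Values outside the RFC 7905 range, such as the constructed unknown-60000 row, are left untouched so they remain visible for follow-up.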