[Zeek] ssl established but no validation status

Palumbo Mauro mauro.palumbo at aizoon.it
Thu Oct 31 08:48:32 PDT 2019

Hi there,
   I have a question related to the ssl.log. As I am no expert of the SSL protocol, it is higly probable that I am missing something here.

I noticed in the ssl.log several cases where the field "established" is T, but there is no certificate found (no fuids) and the field validation_status in empty (-). In the code I saw that the field "established" is set to T if the event ssl_established  is generated. Is it possible to establish an ssl session without certificates? Is it because some sessions can be resumed with tickets as described in RFC 5077?

I'd appreciate some help to save me some time...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20191031/e25a4678/attachment.html 

More information about the Zeek mailing list