[Zeek] ssl established but no validation status
mauro.palumbo at aizoon.it
Thu Oct 31 08:48:32 PDT 2019
I have a question related to the ssl.log. As I am no expert on the SSL protocol, it is highly probable that I am missing something here.
I noticed in the ssl.log several cases where the field "established" is T, but there is no certificate found (no fuids) and the field validation_status is empty (-). In the code I saw that the field "established" is set to T if the event ssl_established is generated. Is it possible to establish an ssl session without certificates? Is it because some sessions can be resumed with tickets as described in RFC 5077?
I'd appreciate some help to save me some time...
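
One way to check the resumption hypothesis from the message above against an ssl.log, as an added example that is not part of the original post or of Zeek's own code. It assumes Zeek's TSV log layout and the column names `resumed` and `cert_chain_fuids`; the sample rows are constructed.

```python
from collections import Counter

# Values Zeek's TSV writer uses for unset fields and empty containers.
UNSET = {"-", "(empty)", ""}

def parse_zeek_tsv(text):
    """Yield one dict per record, taking column names from the #fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def classify(rec):
    """Label a record by whether a missing certificate chain is explained."""
    if rec.get("established") != "T":
        return "not_established"
    if rec.get("cert_chain_fuids", "-") not in UNSET:
        return "cert_seen"
    if rec.get("resumed") == "T":
        return "resumed_no_cert"       # consistent with session resumption
    return "no_cert_unexplained"       # worth a closer look (version, cipher)

def summarize(text):
    """Count records per label for a whole log."""
    return Counter(classify(r) for r in parse_zeek_tsv(text))

def _row(*cols):
    return "\t".join(cols)

# Constructed sample in ssl.log layout (reduced column set, not real traffic).
SAMPLE = "\n".join([
    "#separator \\x09",
    _row("#fields", "uid", "version", "resumed", "established",
         "cert_chain_fuids", "validation_status"),
    _row("C1", "TLSv12", "F", "T", "FaaaaA,FbbbbB", "ok"),
    _row("C2", "TLSv12", "T", "T", "(empty)", "-"),
    _row("C3", "TLSv12", "T", "T", "-", "-"),
    _row("C4", "TLSv12", "F", "T", "-", "-"),
    _row("C5", "TLSv12", "F", "F", "-", "-"),
])

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE).items()):
        print(f"{label}\t{count}")
```

Records that land in `no_cert_unexplained` are the ones the resumption hypothesis does not cover.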