git.ipfire.org Git - thirdparty/suricata.git/commit
output/tls: Allow logging of cl-handshake params
author Richard McConnell <Richard_McConnell@rapid7.com>
Thu, 24 Apr 2025 10:46:47 +0000 (11:46 +0100)
committer Victor Julien <victor@inliniac.net>
Fri, 16 May 2025 19:33:54 +0000 (21:33 +0200)
commit 94c8be22d4084ec33b28666649f929f345056da5
tree 26fe846b3b465433c3492198da3d6faa7b60a48e
parent 912030cbf4cf9b7e0734b7b989b080a15e67282a

Ticket: 6695

Add new custom log fields:

"client_handshake" which logs the following:
1. TLS version used during handshake
2. TLS extensions, excluding GREASE, SNI and ALPN
3. All cipher suites, excluding GREASE
4. All signature algorithms, excluding GREASE

The use-case is for logging TLS handshake parameters in order to survey
them, and so that JA4 hashes can be computed offline (in the case that
they're not already computed for the purposes of rule matching).

doc/userguide/output/eve/eve-json-format.rst
etc/schema.json
rust/src/handshake.rs
src/output-json-tls.c
suricata.yaml.in
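
The offline JA4 computation named as the use-case, as an added example that is not part of this commit or of Suricata's code. The record keys `ciphers`, `exts`, `sig_algs`, `sni` and `alpn`, the integer encoding of the values, and the caller-supplied two-character `version` code are assumptions; the real layout is defined in the `etc/schema.json` and `eve-json-format.rst` changes, which this page does not show.

```python
import hashlib

SNI, ALPN = 0x0000, 0x0010  # extension types the log omits from its list

def is_grease(v):
    """RFC 8701 GREASE values look like 0x0a0a, 0x1a1a, ... 0xfafa."""
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)

def hex_list(values):
    return [f"{v:04x}" for v in values]

def h12(text):
    """Truncated SHA-256 used by JA4; empty input maps to twelve zeros."""
    return hashlib.sha256(text.encode()).hexdigest()[:12] if text else "0" * 12

def ja4_from_record(rec, version="13", transport="t"):
    """Build a JA4 string from one (assumed-layout) TLS log record."""
    hs = rec["client_handshake"]
    ciphers = [c for c in hs["ciphers"] if not is_grease(c)]
    exts = [e for e in hs["exts"] if not is_grease(e) and e not in (SNI, ALPN)]
    sigs = [s for s in hs["sig_algs"] if not is_grease(s)]
    has_sni, alpn = bool(rec.get("sni")), rec.get("alpn") or []
    # JA4_a counts SNI and ALPN as extensions, so add them back to the count.
    n_ext = len(exts) + int(has_sni) + int(bool(alpn))
    # Assumes an ASCII alphanumeric first ALPN value such as "h2".
    tag = alpn[0][0] + alpn[0][-1] if alpn and alpn[0] else "00"
    part_a = (f"{transport}{version}{'d' if has_sni else 'i'}"
              f"{min(len(ciphers), 99):02d}{min(n_ext, 99):02d}{tag}")
    part_b = h12(",".join(sorted(hex_list(ciphers))))      # order-independent
    ext_str = ",".join(sorted(hex_list(exts)))
    if sigs:                                               # kept in wire order
        ext_str += "_" + ",".join(hex_list(sigs))
    return f"{part_a}_{part_b}_{h12(ext_str)}"

# Constructed sample record; key names are assumptions, values are illustrative.
SAMPLE = {
    "sni": "example.com", "alpn": ["h2", "http/1.1"],
    "client_handshake": {
        "ciphers": [0x1301, 0x1302, 0x1303, 0xC02B, 0xC02F],
        "exts": [0x0017, 0xFF01, 0x000A, 0x000B, 0x0023, 0x000D, 0x002B, 0x0033],
        "sig_algs": [0x0403, 0x0804, 0x0401],
    },
}

if __name__ == "__main__":
    print(ja4_from_record(SAMPLE))
```

Because the logged extension list leaves out SNI and ALPN, the extension count in the first JA4 section has to be rebuilt from the separate SNI and ALPN fields; the two hash sections can be computed from the logged lists directly.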