TLS keyword expansion
Suricata should support more TLS keywords than it currently does. See TLS keyword expansion for more information of what I'm suggesting and add your comments here :)
Updated by Mats Klepsland over 7 years ago
Yeah, this is already planned. The plan is to add custom TLS logging (both for tls-log and json-tls), and then start logging more as more TLS stuff is decoded when more TLS keywords are added. Logging cipher_suite from server_hello is on my todo.