Suricata enhancements - proposals
My first proposals for suricata plugins enhancement - TLS/SSL. At this moment moloch shows only TLS version, negotiated cipher and some certificate data.
My first proposal is to show also the Diffie-Hellman server parameters, named curve, public key, signature algorithm, signature hash algorithm hash, signature hash algorithm signature and signature length.
I hope - this will be usable also for SSH, IKEv1, IKEv2 and IKEv3 handshake.
(IKEv1-main-Screenshot_20190424_174215.png, IKEv2_SA_INIT_Screenshot_20190424_174651.png, elasticsearch-sshv2.pdf)