Feature #7968
closedtls: log ALPN
Description
Feature request to support logging the TLS application layer protocol chosen by ALPN in TLS event logs.
If the ALPN extension is present in the server hello then include its value in the TLS event log. If the ALPN extension is not present in the server hello then this should also be reflected in the log event, either explicitly (e.g. by logging a null value) or implicitly by omitting it. Usually an explicit indication is best but I don't feel strongly about it as long as the "no ALPN" case can be distinguished.
Updated by Jamie Lavigne about 2 months ago
It would be OK if this output is enabled by extended tls logging.
Updated by Victor Julien about 2 months ago
Duplicate of #7055?
https://github.com/OISF/suricata/pull/11325 has an example of what the log looks like. This is part of 8.0.0+.
Updated by Jamie Lavigne about 2 months ago
Yes, looks like it. That's great news - this feature can be closed as a duplicate then (I don't think I can do it).
Updated by Victor Julien about 2 months ago
- Is duplicate of Feature #7055: tls: log ALPN added
Updated by Victor Julien about 2 months ago
- Status changed from New to Rejected
- Assignee deleted (
OISF Dev) - Target version deleted (
TBD)
Rejected as duplicate of #7055.