Feature #8520
closedquic: include server header in default eve record as a field
Description
Hoist the server header field, as it makes sense for QUIC. Much like http.
JI Updated by Jason Ish about 1 month ago
- Copied from Feature #8516: http: include server header in default eve record as a field added
PA Updated by Philippe Antoine about 1 month ago
- Status changed from New to Triaged
Do you mean the hostname/sni ?
PA Updated by Philippe Antoine about 1 month ago
- Status changed from Triaged to Feedback
Because you already have quic.sni hoisted up even if you can see it also in the array of extensions
"quic": {
"version": "1",
"sni": "msquic.net",
"ja3": {
"hash": "292bd0719190dff4cb1033de8573310d",
"string": "771,4865-4866-4867,51-0-16-43-13-10-57-45-41,23-29,"
},
"extensions": [
{
"name": "key_share",
"type": 51
},
{
"name": "server_name",
"type": 0,
"values": [
"msquic.net"
]
},
{
"name": "alpn",
"type": 16,
"values": [
"h3-29"
]
},
JI Updated by Jason Ish about 1 month ago
- Description updated (diff)
JI Updated by Jason Ish about 1 month ago · Edited
Ping @eleblond @Peter Manev - is the SNI here enough? Or did you have some other idea about quic?
JI Updated by Jason Ish about 1 month ago
Jason Ish wrote in #note-5:
Ping
eleblond @pevma, is the SNI here enough? Or did you have some other idea about @quic?
@eleblond @Peter Manev
EL Updated by Eric Leblond about 1 month ago · Edited
Jason Ish wrote in #note-6:
Jason Ish wrote in #note-5:
Ping
eleblond @pevma, is the SNI here enough? Or did you have some other idea about @quic?@eleblond @Peter Manev
IMO, the sni key is enough and it is not confusing as similar to what is in TLS.
PA Updated by Philippe Antoine about 1 month ago
- Status changed from Feedback to Rejected
So, I understand there is nothing more to do thanks
PM Updated by Peter Manev about 1 month ago
SNI is good for me as well. If there is fingerprint that would be lovely too as it allows matching inline.