Mats Klepsland





10:32 AM Suricata Revision 9556d4fe: doc: add documentation for tls_cert_fingerprint keyword
10:32 AM Suricata Revision 5e6b8c47: detect: add (mpm) keyword tls_cert_fingerprint
Reimplement keyword to match on SHA-1 fingerprint of TLS
certificate as a mpm keyword.
alert tls any any -> any (msg...
10:32 AM Suricata Revision 6ab5d42c: unittests: initialize NSS in unittests runmode
Initialize NSS in unittests runmode when Suricata is compiled with
libnss. Otherwise, calculating SHA-1 sums for TLS ...


06:13 AM Suricata Revision d363a165: app-layer-ssl: fix bug with >255 records in one stream


04:04 PM Suricata Feature #2192: JA3 TLS client fingerprinting
JA3 looks cool. It would probably not be that much of a job to add it. I'll be willing to implement it. I'm thinking:
* ...


07:41 AM Suricata Revision 23f8cc4a: app-layer-tls: don't decode client certificates
Decoding client certificate overwrites the validity dates from the
server certificate, so we therefore don't decode i...


03:43 AM Suricata Revision 72c75743: app-layer: add decoder event for missing TLS after STARTTLS
03:43 AM Suricata Revision 11b9e6fd: app-layer-ftp: add STARTTLS support
03:43 AM Suricata Revision 8125f78f: app-layer-ftp: detect FTP alproto when using AUTH TLS
Try to detect FTP using the patterns '220 (' and 'FEAT', since 'USER '
and 'PASS ' are not sent in cleartext when usi...
03:43 AM Suricata Revision 74aa6507: output-json-tls: log 'from_proto' field
Log the original application level protocol when the protocol has been
changed because of STARTTLS, HTTP CONNECT or simi...
