Forum Discussion
Stanislas_Piro2
Mar 27, 2018Cumulonimbus
I am wondering what is the output of
[SSL::cipher name]
in CLIENTSSL_CLIENTHELLO
event
In this event, the client send a list of ciphers, not only one.
same for the TLS version.
- if the client support TLS 1.1, the client send a TLS packet with version 1.0 (0x0301) with handshake version of 1.1 (0x0302)
- if the client support TLS 1.2, the client send a TLS packet with version 1.0 (0x0301) with handshake version of 1.2 (0x0303)
- if the client support TLS 1.3, the client send a TLS packet with version 1.0 (0x0301) with handshake version of 1.2 (0x0303) and with supported_version extension of 1.3 (0x0304 for approved TLS 1.3 client, 0x7FXX for TLS 1.3 draft compatible clients)
the output of
log local0.info " [IP::client_addr] [SSL::cipher name] [SSL::cipher version]"
should be interesting