Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

TLS Session Fields

See original GitHub issue

Is there already a consensus as to where to place session properties for TLS sessions? I found some reference to a tls subtree in #64, but nothing in the schema itself.

Will there be some session.tls group or the like with TLS session related fields, eg. protocol versions, ciphers, session identifier, and the like?

Issue Analytics

State:
Created 4 years ago
Reactions:1
Comments:7 (4 by maintainers)

Top GitHub Comments

2reactions

peterprambcommented, May 12, 2019

Thanks for the hint.

The field list in Packetbeat is fairly exhaustive. The only missing field for our use case is the verification result of the provided client certificate (which is really an application property and nothing available on network level), so for the sake of completeness something like:

- name: tls.client_certificate_verification_result
  type: keyword
  description: >
    The result of the server side verification of the provided client certificate.
    This is specific to the application terminating the TLS session. The value
    depends on the TLS library in use. With OpenSSL the resulting string is
    usually one of 'NONE', 'SUCCESS', 'GENEROUS', or 'FAILED:reason'.

And for the certificate attributes I specifically miss (L)ocality and Street, which can be ocasionally seen in the wild.

0reactions

peterprambcommented, Apr 29, 2020

Ok, fine for me.

Top Results From Across the Web

What happens in a TLS handshake? | SSL ... - Cloudflare

In a TLS/SSL handshake, clients and servers exchange SSL certificates, cipher suite requirements, and randomly generated data for creating session keys.

Networking 101: Transport Layer Security (TLS)

TLS runs over a reliable transport (TCP), which means that we must first complete the TCP three-way handshake, which takes one full roundtrip....

Traffic analysis of a TLS session - Seb's IT blog

In this post I want to show what happens at the protocol level when we use SSL/TLS. It is important to note that...

TLS Session Tickets - IETF

Standards Track [Page 1] RFC 5077 Stateless TLS Session Resumption January 2008 ... The extension_data field of SessionTicket extension contains the ticket.

Transport Layer Security - Wikipedia

DescriptionEdit · The handshake begins when a client connects to a TLS-enabled server requesting a secure connection and the client presents a list...