CLIENTSSL_CLIENTHELLO
Description
Triggered when the system has received the client’s SSL ClientHello
message, after a clientssl profile has been selected and before the
system sends its SSL ServerHello message. Zero or more SSL extensions
may be received from or sent to the peer at this stage in the SSL
handshake.
This event is primarily useful for retrieving extension information.
SSL::extensions and the other SSL commands cannot be used in this event
to make a profile selection with the SSL::profile command. To select a
profile based on the Client Hello contents, it is still necessary to
interpret the raw TCP data manually in CLIENT_DATA. Although the Client
Hello is where the client proposes its cipher suites, no command exposes
that information in this event.
Examples
when CLIENTSSL_CLIENTHELLO {
    # Insert a custom extension: 16-bit type, 16-bit length, then the data bytes
    set my_ext "Hello world!"
    set my_ext_type 62965
    SSL::extensions insert [binary format S1S1a* $my_ext_type [string length $my_ext] $my_ext]
}
when CLIENTSSL_CLIENTHELLO {
    set ext_count [SSL::extensions count]
    log local0.info "SSL::extensions count = $ext_count"
    for {set i 0} {$i < $ext_count} {incr i} {
        # Each extension is a 16-bit type, a 16-bit length and the data (scanned as hex)
        binary scan [SSL::extensions -index $i] S1S1H* ext_type ext_len ext
        # binary scan S1 yields signed values; mask to recover the unsigned 16-bit fields
        set ext_type [expr {$ext_type & 0xffff}]
        set ext_len [expr {$ext_len & 0xffff}]
        log local0.info "SSL extension #[expr {$i + 1}]: (type $ext_type len $ext_len) $ext"
    }
}
Sample log output:
: SSL::extensions count = 1
: SSL extension #1: (type 65281 len 1) 00
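The Description says that choosing a profile from the Client Hello contents still requires interpreting the raw TCP bytes yourself, and the second iRule above decodes each extension as a 16-bit type, a 16-bit length and the data. The following Python program is an added example, not F5 code and not an iRule: it parses a raw TLS ClientHello record the way an iRule working from CLIENT_DATA would have to, extracting the client version, the proposed cipher suites (which the event itself does not expose), the extension list in the same type/length/data layout, and the SNI host name; it then picks a profile name from the SNI. The ClientHello it parses is constructed inline, the profile names and the SNI-to-profile table are hypothetical, and type 65281 (0xFF01) in the sample log is the renegotiation_info extension defined in RFC 5746. encode_extension builds the same bytes the first iRule produces with binary format S1S1a*.

```python
import struct

HANDSHAKE = 22                   # TLS record content type: handshake
CLIENT_HELLO = 1                 # handshake message type
EXT_SERVER_NAME = 0              # server_name (SNI), RFC 6066
EXT_RENEGOTIATION_INFO = 0xFF01  # 65281, the extension in the page's sample log (RFC 5746)
# Hypothetical SNI-to-profile table; the profile names are invented for this example.
PROFILE_BY_SNI = {"www.example.com": "clientssl_www", "api.example.com": "clientssl_api"}

def encode_extension(ext_type, data):
    """u16 type, u16 length, payload: the layout the iRule builds with binary format S1S1a*."""
    if not 0 <= ext_type <= 0xFFFF or len(data) > 0xFFFF:
        raise ValueError("extension type or payload out of range")
    return struct.pack("!HH", ext_type, len(data)) + data

def parse_extensions(blob):
    """Walk an extension list (what the iRule loop reads with binary scan S1S1H*), rejecting
    any declared length that runs past the bytes actually present."""
    exts, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", blob, off)
        off += 4
        if off + ext_len > len(blob):
            raise ValueError(f"extension {ext_type} declares {ext_len} bytes, {len(blob) - off} remain")
        exts.append((ext_type, blob[off:off + ext_len]))
        off += ext_len
    return exts

def parse_sni(data):
    """server_name payload: u16 list length, then entries of name_type(1), u16 length, name."""
    if len(data) < 2 or 2 + struct.unpack_from("!H", data)[0] > len(data):
        raise ValueError("malformed server_name extension")
    off, end = 2, 2 + struct.unpack_from("!H", data)[0]
    while off + 3 <= end:
        name_type, name_len = struct.unpack_from("!BH", data, off)
        off += 3
        if off + name_len > end:
            raise ValueError("server_name entry overruns extension")
        if name_type == 0:  # host_name
            return data[off:off + name_len].decode("ascii")
        off += name_len
    raise ValueError("no host_name entry in server_name extension")

def parse_client_hello(record):
    """Parse one TLS record carrying a ClientHello: version, cipher suites, extensions, SNI."""
    def need(buf, off, n):
        if off + n > len(buf):
            raise ValueError("ClientHello truncated")
    need(record, 0, 5)
    content_type, _rec_ver, rec_len = struct.unpack_from("!BHH", record)
    need(record, 5, rec_len)
    body = record[5:5 + rec_len]
    if content_type != HANDSHAKE or len(body) < 4 or body[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    need(body, 4, hs_len)
    hello = body[4:4 + hs_len]
    need(hello, 0, 35)                                  # version(2) random(32) session_id length(1)
    version, off = struct.unpack_from("!H", hello)[0], 35 + hello[34]
    need(hello, off, 2)
    cs_len, off = struct.unpack_from("!H", hello, off)[0], off + 2
    need(hello, off, cs_len + 1)
    if cs_len % 2: raise ValueError("odd cipher_suites length")
    cipher_suites = [struct.unpack_from("!H", hello, off + i)[0] for i in range(0, cs_len, 2)]
    off += cs_len
    need(hello, off + 1, hello[off])
    off += 1 + hello[off]                               # skip compression methods
    extensions = []
    if off < len(hello):                                # the extensions block is optional
        need(hello, off, 2)
        ext_len = struct.unpack_from("!H", hello, off)[0]
        need(hello, off + 2, ext_len)
        extensions = parse_extensions(hello[off + 2:off + 2 + ext_len])
    sni = next((parse_sni(d) for t, d in extensions if t == EXT_SERVER_NAME), None)
    return {"version": version, "cipher_suites": cipher_suites, "extensions": extensions, "sni": sni}

def describe_extensions(record):
    """Render each extension the way the page's second iRule logs it: (type N len M) hex."""
    return [f"(type {t} len {len(d)}) {d.hex()}" for t, d in parse_client_hello(record)["extensions"]]

def select_profile(record, default="clientssl_default"):
    """Pick a (hypothetical) clientssl profile name from the SNI carried in the ClientHello."""
    return PROFILE_BY_SNI.get(parse_client_hello(record)["sni"], default)

def build_client_hello(sni, cipher_suites, extra_exts):
    """Construct a minimal TLS 1.2 ClientHello record for offline testing (not a real capture)."""
    host = sni.encode("ascii")
    exts = encode_extension(EXT_SERVER_NAME, struct.pack("!HBH", len(host) + 3, 0, len(host)) + host)
    exts += b"".join(encode_extension(t, d) for t, d in extra_exts)
    body = struct.pack("!H", 0x0303) + bytes(32) + b"\x00"              # version, random, empty session id
    body += struct.pack("!H", 2 * len(cipher_suites)) + b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += b"\x01\x00"                                                  # one compression method: null
    body += struct.pack("!H", len(exts)) + exts
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(handshake)) + handshake

# Constructed sample: SNI, three cipher suites, renegotiation_info (as in the sample log) and the
# page's custom extension type 62965 carrying "Hello world!".
SAMPLE_HELLO = build_client_hello("www.example.com", [0xC02F, 0xC030, 0x009C],
                                  [(EXT_RENEGOTIATION_INFO, b"\x00"), (62965, b"Hello world!")])
```

Calling describe_extensions(SAMPLE_HELLO) yields "(type 65281 len 1) 00" for the renegotiation_info entry, the same line the sample log above shows, and select_profile(SAMPLE_HELLO) returns the hypothetical "clientssl_www". Every length field is checked against the bytes that are actually present before it is trusted, which is the part that matters when the input is client-controlled data read from CLIENT_DATA.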