SSL::collect

Description

Starts the collection of plaintext data either indefinitely or for the specified amount of data. On successful collection, the corresponding data event is triggered. For clientside collection, the CLIENTSSL_DATA event is triggered. For serverside collection, the SERVERSSL_DATA event is triggered.

Syntax

SSL::collect [<length>]

SSL::collect [<length>]

  • Starts the collection of plaintext data either indefinitely or for the specified amount of data.
  • When <length> is specified, the data event will not be triggered until that length has been collected.

Examples

when CLIENTSSL_HANDSHAKE {
   log local0. "[IP::client_addr]:[TCP::client_port]: SSL handshake completed, collecting SSL payload"
   SSL::collect
}
when CLIENTSSL_DATA {
   log local0. "[IP::client_addr]:[TCP::client_port]: Collected bytes [SSL::payload length], releasing payload"
   log local0. "\[SSL::payload\]: [SSL::payload]"
   SSL::release
}

when SERVERSSL_HANDSHAKE {
  SSL::collect
}
when SERVERSSL_DATA {
  set payload [SSL::payload]
}