SSL::tls13_secret

Description

Return data about various TLS 1.3 secrets. Choose which side (client or server) and which secret.
  • “app” references the first traffic secret
  • “hs” references the handshake traffic secret
  • “early” references the client early traffic secret

Syntax

SSL::tls13_secret client <app | hs | early>
SSL::tls13_secret server <app | hs>

SSL::tls13_secret client app

  • Returns the client app secret.

SSL::tls13_secret client hs

  • Returns the client handshake secret

SSL::tls13_secret client early

  • Returns the client early traffic secret

SSL::tls13_secret server app

  • Returns the server app secret.

SSL::tls13_secret server hs

  • Returns the server handshake secret

Examples

when CLIENTSSL_HANDSHAKE {
     log local0. "ClientSSL: Client Handshake Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret client hs]"
     log local0. "ClientSSL: Server Handshake Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret server hs]"
     log local0. "ClientSSL: Client App Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret client app]"
     log local0. "ClientSSL: Server App Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret server app]"
     log local0. "ClientSSL: Client Early Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret client early]"
 }

 Sample log output:
 Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 <CLIENTSSL_HANDSHAKE>: ClientSSL: Client Handshake Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 45bb7e8c64f22c1875caf360c55bf117
 Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 <CLIENTSSL_HANDSHAKE>: ClientSSL: Server Handshake Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 15a0d98b60eca9643e028f69d9ff0f37
 Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 <CLIENTSSL_HANDSHAKE>: ClientSSL: Client App Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 011ff5c058845b5df8401403b818497f
 Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 <CLIENTSSL_HANDSHAKE>: ClientSSL: Server App Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 15a0d98b60eca9643e028f69d9ff0f37
 Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 <CLIENTSSL_HANDSHAKE>: ClientSSL: Client Early Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 792a88c7a2faf9003a5d4155918c48170d611c7b7e1b428815d9b72ce781523a