SSL::tls13_secret¶
Description¶
Return data about various TLS 1.3 secrets. Choose which side (client or server) and which secret.
- “app” references the first traffic secret
- “hs” references the handshake traffic secret
- “early” references the client early traffic secret
Syntax¶
SSL::tls13_secret client <app | hs | early>
SSL::tls13_secret server <app | hs>
SSL::tls13_secret client app¶
- Returns the client app secret.
SSL::tls13_secret client hs¶
- Returns the client handshake secret
SSL::tls13_secret client early¶
- Returns the client early traffic secret
SSL::tls13_secret server app¶
- Returns the server app secret.
Examples¶
when CLIENTSSL_HANDSHAKE {
log local0. "ClientSSL: Client Handshake Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret client hs]"
log local0. "ClientSSL: Server Handshake Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret server hs]"
log local0. "ClientSSL: Client App Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret client app]"
log local0. "ClientSSL: Server App Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret server app]"
log local0. "ClientSSL: Client Early Traffic Secret [SSL::clientrandom] is -> [SSL::tls13_secret client early]"
}
Sample log output:
Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 <CLIENTSSL_HANDSHAKE>: ClientSSL: Client Handshake Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 45bb7e8c64f22c1875caf360c55bf117
Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 <CLIENTSSL_HANDSHAKE>: ClientSSL: Server Handshake Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 15a0d98b60eca9643e028f69d9ff0f37
Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 <CLIENTSSL_HANDSHAKE>: ClientSSL: Client App Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 011ff5c058845b5df8401403b818497f
Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 <CLIENTSSL_HANDSHAKE>: ClientSSL: Server App Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 15a0d98b60eca9643e028f69d9ff0f37
Oct 20 00:48:15 kyle-1 info tmm[17817]: Rule /Common/tls13 <CLIENTSSL_HANDSHAKE>: ClientSSL: Client Early Traffic Secret d178111e08e5fd160872c40d57583b99771a32da445c355c4210db20cc7fafbd -> 792a88c7a2faf9003a5d4155918c48170d611c7b7e1b428815d9b72ce781523a