tls
Contents
tls¶
Event fields used to define/normalize metadata about a TLS(SSL) record. This document is a work in progress, but is a foundational start there is included. Specifically the main foundations of TLS info is already in here
Attributes¶
Name |
Type |
Description |
Sample Value |
|---|---|---|---|
tls_cipher |
string |
The cipher (encryption) parameters used to make the TLS connection |
|
tls_curve |
string |
Elliptic curve the server chose when using ECDH/ECDHE |
|
tls_established |
boolean |
Indicates if the session has been established successfully, or if it was aborted during the handshake |
|
tls_next_protocol |
string |
Next protocol the server chose using the application layer next protocol extension, if present. |
|
tls_resumed |
boolean |
If the session was resumed from previous established connection |
|
tls_server_name |
string |
The name of the requested server/destination, this should be copied to dst_host_name |
|
tls_version |
string |
Version of TLS/SSL used (ie: SSLv3.0, TLSv1.1, TLSv1.2, TLSv1.3 |
|
tls_version_number |
integer |
Numeric value of the tls_version |
```````` |