SSL_SessConIncon

Sean_McCreary · May 6, 2009, 6:36pm

Since upgrading to Robin's latest cluster policy scripts I'm seeing a
lot of alarms for SSL_SessConIncon notices. ssl.bro raises this notice
when a current SSL connection does not match either the version or
cipher of a previous matching connection, and bro has inferred that the
SSL connection was cached and reused. Is this a known bug in ssl.bro?

FWIW, it only happens with one very busy server on our network, and for
both simap and https connections. I can gather more information if we
need to debug the problem.

robin · May 7, 2009, 8:47pm

I don't think I have heard about this one. Could you file a ticket
with out tracker, if possible with attaching a trace of one
connection triggering such an alarm? Thanks.

Robin

Topic		Replies	Views
question about ssl analyzer Zeek	3	83	May 6, 2022
Detection of SSL clients which invalidate server cert Zeek	3	74	May 6, 2022
Logging an SSL Certificate Zeek	5	64	May 6, 2022
Question about missing cert expired notice... Zeek	2	97	May 6, 2022
Bro for Beginners/Logging SSL Certificate Zeek	2	52	May 6, 2022

SSL_SessConIncon

Related Topics