it is probably resumed connections. An indication for that is that there
are no server certificates present.
Alternatively - for TLS 1.3 connections validation is not possible
because the certificates are encrypted.
On 31 Oct 2019, at 16:48, Palumbo Mauro wrote:
I have a question related to the ssl.log. As I am no expert of the
SSL protocol, it is highly probable that I am missing something here.
I noticed in the ssl.log several cases where the field "established"
is T, but there is no certificate found (no fuids) and the field
validation_status is empty (-). In the code I saw that the field
"established" is set to T if the event ssl_established is generated.
Is it possible to establish an ssl session without certificates? Is it
because some sessions can be resumed with tickets as described in RFC
I'd appreciate some help to save me some time...
Zeek mailing list
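
An added example, not part of the thread and not Zeek project code: a Python triage of ssl.log rows that have established=T but no certificate fuids, sorting them into the two explanations given in the reply (resumed session, or TLS 1.3 with encrypted certificates). The sample rows are constructed, and the reduced column set and the label names are assumptions.

```python
# Constructed sample in Zeek's TSV log layout. A real ssl.log has more
# columns; only the ones needed for this triage are included here.
SAMPLE = "\n".join([
    "#separator \\x09",
    "#fields\tuid\tversion\tresumed\testablished\tcert_chain_fuids\tvalidation_status",
    "C1\tTLSv12\tF\tT\tFabc1,Fabc2\tok",
    "C2\tTLSv12\tT\tT\t(empty)\t-",
    "C3\tTLSv13\tF\tT\t-\t-",
    "C4\tTLSv12\tF\tT\t(empty)\t-",
    "C5\tTLSv12\tF\tF\t-\t-",
    "#close\t2019-10-31-17-00-00",
])

NO_VALUE = {"-", "(empty)", ""}  # Zeek's unset and empty-container markers


def parse_zeek_tsv(text):
    """Return the data rows as dicts keyed by the names on the #fields line."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def classify(row):
    """Label one ssl.log row (label names are hypothetical)."""
    if row.get("established") != "T":
        return "not_established"
    if row.get("cert_chain_fuids", "-") not in NO_VALUE:
        return "certs_seen"
    if row.get("resumed") == "T":
        return "resumed"                 # abbreviated handshake, no Certificate message
    if row.get("version") == "TLSv13":
        return "tls13_encrypted_certs"   # certificates are encrypted on the wire
    return "unexplained"                 # worth a closer look (e.g. missed packets)


def triage(text):
    """Map each connection uid to its label."""
    return {r["uid"]: classify(r) for r in parse_zeek_tsv(text)}


if __name__ == "__main__":
    for uid, label in triage(SAMPLE).items():
        print(uid, label)
```

Rows that land in "unexplained" are the ones neither explanation covers and are the candidates for further investigation.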