cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Who Me Too'd this topic

How to match custom SSL based applications

L4 Transporter

I'm trying to tag a particular application protocol that used TLS/SSL as a security wrapper.

The most accurate way I can ID this application protocol is to match against the FQDN subjectName returned by the server during the certificate handshake.

I've setup a custom App-ID configured as:-

Parent App: ssl

Port: tcp/443

Pattern Match: Context: ssl-rsp-certificate, Pattern: server\.domain\.com

but this isn't matching.  I've also tried using the Context type: ssl-rsp-server-hello and this too fails.

I have confirmed with a tcpdump that this string is present in the server response.

Any clues greatfully received!

Who Me Too'd this topic