Even more SSL fixes

Description

There are still a few small things that I plan to fix for 2.3

  • detect tls protocol failures even earlier (done, just not committed)

  • better heartbleed detection (done, but I need to clean it up)

  • add starttls support to smtp/pop3

  • clean up the way dates are extracted from certs (found a different nicer API to use in OpenSSL, have to implement it)

  • perhaps: allow OCSP validation with data from stapling

Environment

None

Activity

Show:
amannb
May 16, 2014, 6:40 PM

Everything besides cleaning up date extraction is done. And that will take a bit.

amannb
May 16, 2014, 6:40 PM

Updates are in branch topic/bernhard/even-more-ssl-changes in bro and testing.

Assignee

Robin Sommer

Reporter

Johanna Amann

Labels

None

External issue ID

None

Components

Fix versions

Affects versions

Priority

Normal
Configure