Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Packetbeat TLS [Client|Server] tls.[client|server].supported_ciphers on one string #34842

Open
FrancoisLAGANT opened this issue Mar 16, 2023 · 3 comments
Labels
enhancement Team:Security-Linux Platform Linux Platform Team in Security Solution

Comments

@FrancoisLAGANT
Copy link

FrancoisLAGANT commented Mar 16, 2023

Hello,
Would it be possible to integrate an additional field concerning the tls client|server support_ciphers?
This field currently is broken down for each cipher presented.
The problem is that we lose the order of preference of the tls client.
So it would be possible to have a text field listing all the ciphers in the order of preference of the client.
Ciphers.list = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, etc"
gold
Ciphers.list = "0xC030, 0xC02C, etc"
Thanks for your feedback.
Cordially

@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Mar 16, 2023
@FrancoisLAGANT FrancoisLAGANT changed the title Packetbeat TLS [Client|Server] tls.client.supported_ciphers | on one string Packetbeat TLS [Client|Server] tls.[client|server].supported_ciphers on one string Mar 16, 2023
@elasticmachine
Copy link
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Mar 20, 2023
@efd6
Copy link
Contributor

efd6 commented Mar 22, 2023

I think this probably needs a proposal to the ECS repo first. The loss of cipher preference is unfortunate and something that we should probably try to solve. Making a proposal for this will help us come to the best solution.

@ebeahan ebeahan added Team:Security-Linux Platform Linux Platform Team in Security Solution and removed Team:Security-External Integrations labels Jan 31, 2024
@elasticmachine
Copy link
Collaborator

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement Team:Security-Linux Platform Linux Platform Team in Security Solution
Projects
None yet
Development

No branches or pull requests

5 participants