Packetbeat: Update TLS protocol cipher suites (elastic#7455) (elastic…

…#7498) The TLS protocol parser has been updated with 5 new cipher suites introduced in TLS 1.3: +------------------------------+-------------+ | Description | Value | +------------------------------+-------------+ | TLS_AES_128_GCM_SHA256 | {0x13,0x01} | | | | | TLS_AES_256_GCM_SHA384 | {0x13,0x02} | | | | | TLS_CHACHA20_POLY1305_SHA256 | {0x13,0x03} | | | | | TLS_AES_128_CCM_SHA256 | {0x13,0x04} | | | | | TLS_AES_128_CCM_8_SHA256 | {0x13,0x05} | +------------------------------+-------------+
andrewkroh · Jul 3, 2018 · 533e026 · 533e026
1 parent 33a5fa3
commit 533e026
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
@@ -304,6 +304,7 @@ https://github.com/elastic/beats/compare/v6.2.3...master[Check the HEAD diff]
 - Allow to capture the HTTP request or response bodies independently. {pull}6784[6784]
 - HTTP publishes an Error event for unmatched requests or responses. {pull}6794[6794]
 - The process monitor now reports the command-line for all processes, under Linux and Windows. {pull}7135[7135]
+- Updated the TLS protocol parser with new cipher suites added to TLS 1.3. {issue}7455[7455]
 
 *Winlogbeat*
 

diff --git a/packetbeat/protos/tls/algos.go b/packetbeat/protos/tls/algos.go
@@ -193,6 +193,13 @@ var cipherSuites = map[cipherSuite]string{
 	0x00C5: "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
 
 	0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+
+	0x1301: "TLS_AES_128_GCM_SHA256",
+	0x1302: "TLS_AES_256_GCM_SHA384",
+	0x1303: "TLS_CHACHA20_POLY1305_SHA256",
+	0x1304: "TLS_AES_128_CCM_SHA256",
+	0x1305: "TLS_AES_128_CCM_8_SHA256",
+
 	0x5600: "TLS_FALLBACK_SCSV",
 
 	0xC001: "TLS_ECDH_ECDSA_WITH_NULL_SHA",