Closed chadbrubaker closed 8 years ago
Most handlers don't care about TLS records. They care about TLS handshake messages, alerts, ChangeCipherSpecs, etc.
A base TLS handler that exposes TLS records that has events for Client Hello and Server Hello messages would be very helpful for some handlers I'm writing I.e. Lack of forward secrecy key exchange, and use of SHA-1.
Particularly if the handler takes care of buffering.
Currently we have a lot of code that looks at TLS messages looking for configuration issues or other vulns. Instead of redoing this parsing(and any needed buffering) we should have a base class for TLS checking data handlers that handles parsing and just has methods like def on_client_tls(record): ... def on_server_tls(record): ...
In the same style as the HttpDetection handler