-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add KeyUsage, ExtendedKeyUsage, CipherSuite & Protocol to SSL diagnostics #63784
Comments
Pinging @elastic/es-security (:Security/Network) |
I'd like to start contributing to this issue. |
Hi, @tvernum . I'd like to work on this issue. Can you please provide a general format for how you want the 4 new strings to appear? |
@AGZain , @Moe82 you'll need to coordinate between yourselves as to who is looking at this. The class that needs to change is SslDiagnostics but I haven't looked at this in enough detail to know exactly how we should represent these value, or where we should slot them in. |
I assumed the other user was no longer interested. @AGZain , let me know if you still want to work on it. |
Ok, seems like AGZain is no longer interested. I'll pick it up. |
Hi @Moe82, are you working on this? |
hi @sindhusp , not at the moment. Was planning on resuming mid December after my school semester ends. But feel free to work on it. If you can't figure it out by then, please let me know. |
@tvernum Can you please review my PR for this issue? |
Per https://discuss.elastic.co/t/ldaps-and-chain-of-certificates/250724 it's possible to get an SSL failure & diagnostic when the cipher requires certain key usage that is not permitted by the certificate.
To assist in such diagnostics, it would be of assistance to print out the ceritficate's KeyUsage and the session's Cipher suite in the message.
While we're doing that, the cert's ExtendedKeyUsage and session Protocol are probably worth including as well.
The text was updated successfully, but these errors were encountered: