tls10.yml

name: TLS 1.0 Traffic
description: Check that TLS 1.0 is properly parsed.
requirements:
  protocols: [tls]
marks: [tls]
pcap: tls10.pcap
probe:
  protocols: [tls]
at_least_one: [tls_server_version, tls_cipher_suite, tls_client_version, tls_ja3,
  tls_issuer_cn, tls_subject_cn, tls_validity_not_before, tls_validity_not_after,
  tls_public_key_alg]

flows:
  - src_ip: 10.100.50.48
    dst_ip: 10.100.50.139
    ip_version: 4
    protocol: 6
    bytes: 3319
    bytes@rev: 3864
    packets: 15
    packets@rev: 11
    src_port: 45216
    dst_port: 7001
    tls_server_version: 0x0301
    tls_cipher_suite: 0xc014
    tls_client_version: 0x0301
    tls_issuer_cn: Flowmon Packet Investigator
    tls_subject_cn: ''
    tls_validity_not_before: 1679647830
    tls_validity_not_after: 1682239830
    tls_public_key_alg: rsaEncryption
    tls_ja3: '0xf51d9908719e96c24a1b539da446a39f'