Expand description
Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files.
Constantsยง
- TLS_
CIPHER - String indicating the cipher used during the current connection.
- TLS_
CLIENT_ CERTIFICATE - PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of
client.certificate_chainsince this value also exists in that list. - TLS_
CLIENT_ CERTIFICATE_ CHAIN - Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of
client.certificatesince that value should be the first certificate in the chain. - TLS_
CLIENT_ HASH_ MD5 - Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_
CLIENT_ HASH_ SHA1 - Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_
CLIENT_ HASH_ SHA256 - Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_
CLIENT_ ISSUER - Distinguished name of subject of the issuer of the x.509 certificate presented by the client.
- TLS_
CLIENT_ JA3 - A hash that identifies clients based on how they perform an SSL/TLS handshake.
- TLS_
CLIENT_ NOT_ AFTER - Date/Time indicating when client certificate is no longer considered valid.
- TLS_
CLIENT_ NOT_ BEFORE - Date/Time indicating when client certificate is first considered valid.
- TLS_
CLIENT_ SERVER_ NAME - Also called an SNI, this tells the server which hostname to which the client is attempting to connect to. When this value is available, it should get copied to
destination.domain. - TLS_
CLIENT_ SUBJECT - Distinguished name of subject of the x.509 certificate presented by the client.
- TLS_
CLIENT_ SUPPORTED_ CIPHERS - Array of ciphers offered by the client during the client hello.
- TLS_
CLIENT_ X509_ ALTERNATIVE_ NAMES - List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses.
- TLS_
CLIENT_ X509_ ISSUER_ COMMON_ NAME - List of common name (CN) of issuing certificate authority.
- TLS_
CLIENT_ X509_ ISSUER_ COUNTRY - List of country (C) codes
- TLS_
CLIENT_ X509_ ISSUER_ DISTINGUISHED_ NAME - Distinguished name (DN) of issuing certificate authority.
- TLS_
CLIENT_ X509_ ISSUER_ LOCALITY - List of locality names (L)
- TLS_
CLIENT_ X509_ ISSUER_ ORGANIZATION - List of organizations (O) of issuing certificate authority.
- TLS_
CLIENT_ X509_ ISSUER_ ORGANIZATIONAL_ UNIT - List of organizational units (OU) of issuing certificate authority.
- TLS_
CLIENT_ X509_ ISSUER_ STATE_ OR_ PROVINCE - List of state or province names (ST, S, or P)
- TLS_
CLIENT_ X509_ NOT_ AFTER - Time at which the certificate is no longer considered valid.
- TLS_
CLIENT_ X509_ NOT_ BEFORE - Time at which the certificate is first considered valid.
- TLS_
CLIENT_ X509_ PUBLIC_ KEY_ ALGORITHM - Algorithm used to generate the public key.
- TLS_
CLIENT_ X509_ PUBLIC_ KEY_ CURVE - The curve used by the elliptic curve public key algorithm. This is algorithm specific.
- TLS_
CLIENT_ X509_ PUBLIC_ KEY_ EXPONENT - Exponent used to derive the public key. This is algorithm specific.
- TLS_
CLIENT_ X509_ PUBLIC_ KEY_ SIZE - The size of the public key space in bits.
- TLS_
CLIENT_ X509_ SERIAL_ NUMBER - Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters.
- TLS_
CLIENT_ X509_ SIGNATURE_ ALGORITHM - Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353.
- TLS_
CLIENT_ X509_ SUBJECT_ COMMON_ NAME - List of common names (CN) of subject.
- TLS_
CLIENT_ X509_ SUBJECT_ COUNTRY - List of country (C) code
- TLS_
CLIENT_ X509_ SUBJECT_ DISTINGUISHED_ NAME - Distinguished name (DN) of the certificate subject entity.
- TLS_
CLIENT_ X509_ SUBJECT_ LOCALITY - List of locality names (L)
- TLS_
CLIENT_ X509_ SUBJECT_ ORGANIZATION - List of organizations (O) of subject.
- TLS_
CLIENT_ X509_ SUBJECT_ ORGANIZATIONAL_ UNIT - List of organizational units (OU) of subject.
- TLS_
CLIENT_ X509_ SUBJECT_ STATE_ OR_ PROVINCE - List of state or province names (ST, S, or P)
- TLS_
CLIENT_ X509_ VERSION_ NUMBER - Version of x509 format.
- TLS_
CURVE - String indicating the curve used for the given cipher, when applicable.
- TLS_
ESTABLISHED - Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel.
- TLS_
NEXT_ PROTOCOL - String indicating the protocol being tunneled. Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case.
- TLS_
RESUMED - Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation.
- TLS_
SERVER_ CERTIFICATE - PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of
server.certificate_chainsince this value also exists in that list. - TLS_
SERVER_ CERTIFICATE_ CHAIN - Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of
server.certificatesince that value should be the first certificate in the chain. - TLS_
SERVER_ HASH_ MD5 - Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_
SERVER_ HASH_ SHA1 - Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_
SERVER_ HASH_ SHA256 - Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_
SERVER_ ISSUER - Subject of the issuer of the x.509 certificate presented by the server.
- TLS_
SERVER_ JA3S - A hash that identifies servers based on how they perform an SSL/TLS handshake.
- TLS_
SERVER_ NOT_ AFTER - Timestamp indicating when server certificate is no longer considered valid.
- TLS_
SERVER_ NOT_ BEFORE - Timestamp indicating when server certificate is first considered valid.
- TLS_
SERVER_ SUBJECT - Subject of the x.509 certificate presented by the server.
- TLS_
SERVER_ X509_ ALTERNATIVE_ NAMES - List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses.
- TLS_
SERVER_ X509_ ISSUER_ COMMON_ NAME - List of common name (CN) of issuing certificate authority.
- TLS_
SERVER_ X509_ ISSUER_ COUNTRY - List of country (C) codes
- TLS_
SERVER_ X509_ ISSUER_ DISTINGUISHED_ NAME - Distinguished name (DN) of issuing certificate authority.
- TLS_
SERVER_ X509_ ISSUER_ LOCALITY - List of locality names (L)
- TLS_
SERVER_ X509_ ISSUER_ ORGANIZATION - List of organizations (O) of issuing certificate authority.
- TLS_
SERVER_ X509_ ISSUER_ ORGANIZATIONAL_ UNIT - List of organizational units (OU) of issuing certificate authority.
- TLS_
SERVER_ X509_ ISSUER_ STATE_ OR_ PROVINCE - List of state or province names (ST, S, or P)
- TLS_
SERVER_ X509_ NOT_ AFTER - Time at which the certificate is no longer considered valid.
- TLS_
SERVER_ X509_ NOT_ BEFORE - Time at which the certificate is first considered valid.
- TLS_
SERVER_ X509_ PUBLIC_ KEY_ ALGORITHM - Algorithm used to generate the public key.
- TLS_
SERVER_ X509_ PUBLIC_ KEY_ CURVE - The curve used by the elliptic curve public key algorithm. This is algorithm specific.
- TLS_
SERVER_ X509_ PUBLIC_ KEY_ EXPONENT - Exponent used to derive the public key. This is algorithm specific.
- TLS_
SERVER_ X509_ PUBLIC_ KEY_ SIZE - The size of the public key space in bits.
- TLS_
SERVER_ X509_ SERIAL_ NUMBER - Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters.
- TLS_
SERVER_ X509_ SIGNATURE_ ALGORITHM - Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353.
- TLS_
SERVER_ X509_ SUBJECT_ COMMON_ NAME - List of common names (CN) of subject.
- TLS_
SERVER_ X509_ SUBJECT_ COUNTRY - List of country (C) code
- TLS_
SERVER_ X509_ SUBJECT_ DISTINGUISHED_ NAME - Distinguished name (DN) of the certificate subject entity.
- TLS_
SERVER_ X509_ SUBJECT_ LOCALITY - List of locality names (L)
- TLS_
SERVER_ X509_ SUBJECT_ ORGANIZATION - List of organizations (O) of subject.
- TLS_
SERVER_ X509_ SUBJECT_ ORGANIZATIONAL_ UNIT - List of organizational units (OU) of subject.
- TLS_
SERVER_ X509_ SUBJECT_ STATE_ OR_ PROVINCE - List of state or province names (ST, S, or P)
- TLS_
SERVER_ X509_ VERSION_ NUMBER - Version of x509 format.
- TLS_
VERSION - Numeric part of the version parsed from the original string.
- TLS_
VERSION_ PROTOCOL - Normalized lowercase protocol name parsed from original string.