Module tls

Available on crate feature tls only.

Expand description

Passive TLS handshake observer.

Bridges tls-parser into flowscope’s Reassembler. Receives bytes from the per-flow TCP stream, emits parsed TlsClientHello / TlsServerHello / TlsAlert events via a user-supplied TlsHandler.

§Quick start

use flowscope::tls::{TlsClientHello, TlsFactory, TlsHandler};

struct Logger;
impl TlsHandler for Logger {
    fn on_client_hello(&self, h: &TlsClientHello) {
        println!("SNI: {:?}, ALPN: {:?}", h.sni, h.alpn);
    }
}

§Scope

Passive observation only — no decryption, no MITM.
ClientHello, ServerHello, Alert from the unencrypted handshake.
SNI / ALPN / supported versions / cipher list / extension order.
TLS 1.0 — TLS 1.3 (visibility limited after ChangeCipherSpec in 1.2 and after ServerHello in 1.3 since records are encrypted onward).
Optional JA3 fingerprinting behind the ja3 feature.

Structs§

TlsAlert: TLS Alert record (RFC 5246 §7.2).
TlsClientHello: Parsed TLS ClientHello — what the client offered to the server.
TlsConfig: Tunables for the TLS observer.
TlsFactory: ReassemblerFactory that produces a TlsReassembler per (flow, side). Wraps a user-supplied TlsHandler and shares it across all per-flow reassembler instances.
TlsParser: Per-flow TLS handshake parser. Holds independent state for the initiator (client) and responder (server) directions.
TlsReassembler: Per-(flow, side) reassembler. Buffers TCP segments, parses TLS records, invokes TlsHandler for each handshake event.
TlsServerHello: Parsed TLS ServerHello.

Enums§

Error: Parser-side errors. Bubbled up to the reassembler, which transitions the per-direction state to a desynchronised mode that drops further bytes on the floor.
TlsAlertLevel
TlsMessage: Unified message type emitted by TlsParser.
TlsVersion

Traits§

TlsHandler: User implements this to receive parsed TLS handshake events.

Module tls

Module tls Copy item path

§Quick start

§Scope

Structs§

Enums§

Traits§

Module tls