diff options
author | Chris Buechler <cmb@pfsense.org> | 2015-11-20 20:06:48 -0600 |
---|---|---|
committer | Chris Buechler <cmb@pfsense.org> | 2015-11-20 20:06:48 -0600 |
commit | d65c61130ae616c372dd4ef73632bcbaf5d058d8 (patch) | |
tree | ba9d390f98a1a44aa17b203eb3c0208e8fd52b20 /src/usr/local/share/protocols/validcertssl.pat | |
parent | d036bc07bca646598cfde90e4c440b033869afdb (diff) | |
download | pfsense-d65c61130ae616c372dd4ef73632bcbaf5d058d8.zip pfsense-d65c61130ae616c372dd4ef73632bcbaf5d058d8.tar.gz |
Remove layer7 components. Ticket #5508
Diffstat (limited to 'src/usr/local/share/protocols/validcertssl.pat')
-rw-r--r-- | src/usr/local/share/protocols/validcertssl.pat | 25 |
1 files changed, 0 insertions, 25 deletions
diff --git a/src/usr/local/share/protocols/validcertssl.pat b/src/usr/local/share/protocols/validcertssl.pat deleted file mode 100644 index 7aa1812..0000000 --- a/src/usr/local/share/protocols/validcertssl.pat +++ /dev/null @@ -1,25 +0,0 @@ -# Valid certificate SSL -# Pattern attributes: good slow notsofast subset -# Protocol groups: secure ietf_proposed_standard -# Wiki: http://www.protocolinfo.org/wiki/SSL -# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE - -# This matches anything claiming to use a valid certificate from a well -# known certificate authority. -# -# This is a subset of ssl, so it needs to come first to match. -# -# Note that opening a website that has a valid certificate will -# open one connection that matches this and many ssl connections that -# only match the ssl pattern. Thus, this pattern may not be very useful. -# -# This pattern is believed match only the above, but may not match all -# of it. -# -# the certificate authority info is sent in quasi plain text, if it matches -# a well known certificate authority then we will assume it is a -# web/imaps/etc server. Other ssl may be good too, but it should fall under -# a different rule - -validcertssl -^(.?.?\x16\x03.*\x16\x03|.?.?\x01\x03\x01?.*\x0b).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust\.net limited) |