TlsIncubatingAttributes
in
Semantic attributes and corresponding values for tls.
Tags
Table of Contents
Constants
- TLS_CIPHER = 'tls.cipher'
- String indicating the [cipher](https://datatracker.ietf.org/doc/html/rfc5246#appendix-A.5) used during the current connection.
- TLS_CLIENT_CERTIFICATE = 'tls.client.certificate'
- PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list.
- TLS_CLIENT_CERTIFICATE_CHAIN = 'tls.client.certificate_chain'
- Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain.
- TLS_CLIENT_HASH_MD5 = 'tls.client.hash.md5'
- Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_CLIENT_HASH_SHA1 = 'tls.client.hash.sha1'
- Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_CLIENT_HASH_SHA256 = 'tls.client.hash.sha256'
- Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_CLIENT_ISSUER = 'tls.client.issuer'
- Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client.
- TLS_CLIENT_JA3 = 'tls.client.ja3'
- A hash that identifies clients based on how they perform an SSL/TLS handshake.
- TLS_CLIENT_NOT_AFTER = 'tls.client.not_after'
- Date/Time indicating when client certificate is no longer considered valid.
- TLS_CLIENT_NOT_BEFORE = 'tls.client.not_before'
- Date/Time indicating when client certificate is first considered valid.
- TLS_CLIENT_SUBJECT = 'tls.client.subject'
- Distinguished name of subject of the x.509 certificate presented by the client.
- TLS_CLIENT_SUPPORTED_CIPHERS = 'tls.client.supported_ciphers'
- Array of ciphers offered by the client during the client hello.
- TLS_CURVE = 'tls.curve'
- String indicating the curve used for the given cipher, when applicable
- TLS_ESTABLISHED = 'tls.established'
- Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel.
- TLS_NEXT_PROTOCOL = 'tls.next_protocol'
- String indicating the protocol being tunneled. Per the values in the [IANA registry](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case.
- TLS_PROTOCOL_NAME = 'tls.protocol.name'
- Normalized lowercase protocol name parsed from original string of the negotiated [SSL/TLS protocol version](https://docs.openssl.org/1.1.1/man3/SSL_get_version/#return-values)
- TLS_PROTOCOL_NAME_VALUE_SSL = 'ssl'
- TLS_PROTOCOL_NAME_VALUE_TLS = 'tls'
- TLS_PROTOCOL_VERSION = 'tls.protocol.version'
- Numeric part of the version parsed from the original string of the negotiated [SSL/TLS protocol version](https://docs.openssl.org/1.1.1/man3/SSL_get_version/#return-values)
- TLS_RESUMED = 'tls.resumed'
- Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation.
- TLS_SERVER_CERTIFICATE = 'tls.server.certificate'
- PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list.
- TLS_SERVER_CERTIFICATE_CHAIN = 'tls.server.certificate_chain'
- Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain.
- TLS_SERVER_HASH_MD5 = 'tls.server.hash.md5'
- Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_SERVER_HASH_SHA1 = 'tls.server.hash.sha1'
- Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_SERVER_HASH_SHA256 = 'tls.server.hash.sha256'
- Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash.
- TLS_SERVER_ISSUER = 'tls.server.issuer'
- Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client.
- TLS_SERVER_JA3S = 'tls.server.ja3s'
- A hash that identifies servers based on how they perform an SSL/TLS handshake.
- TLS_SERVER_NOT_AFTER = 'tls.server.not_after'
- Date/Time indicating when server certificate is no longer considered valid.
- TLS_SERVER_NOT_BEFORE = 'tls.server.not_before'
- Date/Time indicating when server certificate is first considered valid.
- TLS_SERVER_SUBJECT = 'tls.server.subject'
- Distinguished name of subject of the x.509 certificate presented by the server.
Constants
TLS_CIPHER
String indicating the [cipher](https://datatracker.ietf.org/doc/html/rfc5246#appendix-A.5) used during the current connection.
public
mixed
TLS_CIPHER
= 'tls.cipher'
The values allowed for tls.cipher MUST be one of the Descriptions of the registered TLS Cipher Suits.
Tags
TLS_CLIENT_CERTIFICATE
PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list.
public
mixed
TLS_CLIENT_CERTIFICATE
= 'tls.client.certificate'
Tags
TLS_CLIENT_CERTIFICATE_CHAIN
Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain.
public
mixed
TLS_CLIENT_CERTIFICATE_CHAIN
= 'tls.client.certificate_chain'
Tags
TLS_CLIENT_HASH_MD5
Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash.
public
mixed
TLS_CLIENT_HASH_MD5
= 'tls.client.hash.md5'
Tags
TLS_CLIENT_HASH_SHA1
Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash.
public
mixed
TLS_CLIENT_HASH_SHA1
= 'tls.client.hash.sha1'
Tags
TLS_CLIENT_HASH_SHA256
Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash.
public
mixed
TLS_CLIENT_HASH_SHA256
= 'tls.client.hash.sha256'
Tags
TLS_CLIENT_ISSUER
Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client.
public
mixed
TLS_CLIENT_ISSUER
= 'tls.client.issuer'
Tags
TLS_CLIENT_JA3
A hash that identifies clients based on how they perform an SSL/TLS handshake.
public
mixed
TLS_CLIENT_JA3
= 'tls.client.ja3'
Tags
TLS_CLIENT_NOT_AFTER
Date/Time indicating when client certificate is no longer considered valid.
public
mixed
TLS_CLIENT_NOT_AFTER
= 'tls.client.not_after'
Tags
TLS_CLIENT_NOT_BEFORE
Date/Time indicating when client certificate is first considered valid.
public
mixed
TLS_CLIENT_NOT_BEFORE
= 'tls.client.not_before'
Tags
TLS_CLIENT_SUBJECT
Distinguished name of subject of the x.509 certificate presented by the client.
public
mixed
TLS_CLIENT_SUBJECT
= 'tls.client.subject'
Tags
TLS_CLIENT_SUPPORTED_CIPHERS
Array of ciphers offered by the client during the client hello.
public
mixed
TLS_CLIENT_SUPPORTED_CIPHERS
= 'tls.client.supported_ciphers'
Tags
TLS_CURVE
String indicating the curve used for the given cipher, when applicable
public
mixed
TLS_CURVE
= 'tls.curve'
Tags
TLS_ESTABLISHED
Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel.
public
mixed
TLS_ESTABLISHED
= 'tls.established'
Tags
TLS_NEXT_PROTOCOL
String indicating the protocol being tunneled. Per the values in the [IANA registry](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case.
public
mixed
TLS_NEXT_PROTOCOL
= 'tls.next_protocol'
Tags
TLS_PROTOCOL_NAME
Normalized lowercase protocol name parsed from original string of the negotiated [SSL/TLS protocol version](https://docs.openssl.org/1.1.1/man3/SSL_get_version/#return-values)
public
mixed
TLS_PROTOCOL_NAME
= 'tls.protocol.name'
Tags
TLS_PROTOCOL_NAME_VALUE_SSL
public
mixed
TLS_PROTOCOL_NAME_VALUE_SSL
= 'ssl'
Tags
TLS_PROTOCOL_NAME_VALUE_TLS
public
mixed
TLS_PROTOCOL_NAME_VALUE_TLS
= 'tls'
Tags
TLS_PROTOCOL_VERSION
Numeric part of the version parsed from the original string of the negotiated [SSL/TLS protocol version](https://docs.openssl.org/1.1.1/man3/SSL_get_version/#return-values)
public
mixed
TLS_PROTOCOL_VERSION
= 'tls.protocol.version'
Tags
TLS_RESUMED
Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation.
public
mixed
TLS_RESUMED
= 'tls.resumed'
Tags
TLS_SERVER_CERTIFICATE
PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list.
public
mixed
TLS_SERVER_CERTIFICATE
= 'tls.server.certificate'
Tags
TLS_SERVER_CERTIFICATE_CHAIN
Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain.
public
mixed
TLS_SERVER_CERTIFICATE_CHAIN
= 'tls.server.certificate_chain'
Tags
TLS_SERVER_HASH_MD5
Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash.
public
mixed
TLS_SERVER_HASH_MD5
= 'tls.server.hash.md5'
Tags
TLS_SERVER_HASH_SHA1
Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash.
public
mixed
TLS_SERVER_HASH_SHA1
= 'tls.server.hash.sha1'
Tags
TLS_SERVER_HASH_SHA256
Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash.
public
mixed
TLS_SERVER_HASH_SHA256
= 'tls.server.hash.sha256'
Tags
TLS_SERVER_ISSUER
Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client.
public
mixed
TLS_SERVER_ISSUER
= 'tls.server.issuer'
Tags
TLS_SERVER_JA3S
A hash that identifies servers based on how they perform an SSL/TLS handshake.
public
mixed
TLS_SERVER_JA3S
= 'tls.server.ja3s'
Tags
TLS_SERVER_NOT_AFTER
Date/Time indicating when server certificate is no longer considered valid.
public
mixed
TLS_SERVER_NOT_AFTER
= 'tls.server.not_after'
Tags
TLS_SERVER_NOT_BEFORE
Date/Time indicating when server certificate is first considered valid.
public
mixed
TLS_SERVER_NOT_BEFORE
= 'tls.server.not_before'
Tags
TLS_SERVER_SUBJECT
Distinguished name of subject of the x.509 certificate presented by the server.
public
mixed
TLS_SERVER_SUBJECT
= 'tls.server.subject'