groups: - id: registry.tls type: attribute_group display_name: TLS Attributes brief: "This document defines semantic convention attributes in the TLS namespace." attributes: - id: tls.cipher brief: > String indicating the [cipher](https://datatracker.ietf.org/doc/html/rfc5246#appendix-A.5) used during the current connection. type: string stability: development note: > The values allowed for `tls.cipher` MUST be one of the `Descriptions` of the [registered TLS Cipher Suits](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#table-tls-parameters-4). examples: [ "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", ] - id: tls.client.certificate type: string stability: development brief: > PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. examples: ["MII..."] - id: tls.client.certificate_chain type: string[] stability: development brief: > Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. examples: - ['MII...', 'MI...'] - id: tls.client.hash.md5 type: string stability: development brief: > Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. examples: ["0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC"] - id: tls.client.hash.sha1 type: string stability: development brief: > Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. examples: ["9E393D93138888D288266C2D915214D1D1CCEB2A"] - id: tls.client.hash.sha256 type: string stability: development brief: > Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. examples: ["0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0"] - id: tls.client.issuer type: string stability: development brief: "Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client." examples: ["CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com"] - id: tls.client.ja3 type: string stability: development brief: "A hash that identifies clients based on how they perform an SSL/TLS handshake." examples: ["d4e5b18d6b55c71272893221c96ba240"] - id: tls.client.not_after type: string stability: development brief: "Date/Time indicating when client certificate is no longer considered valid." examples: ["2021-01-01T00:00:00.000Z"] - id: tls.client.not_before type: string stability: development brief: "Date/Time indicating when client certificate is first considered valid." examples: ["1970-01-01T00:00:00.000Z"] - id: tls.client.subject type: string stability: development brief: "Distinguished name of subject of the x.509 certificate presented by the client." examples: ["CN=myclient, OU=Documentation Team, DC=example, DC=com"] - id: tls.client.supported_ciphers type: string[] stability: development brief: Array of ciphers offered by the client during the client hello. examples: - [TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384] - id: tls.curve brief: "String indicating the curve used for the given cipher, when applicable" type: string stability: development examples: ["secp256r1"] - id: tls.established brief: "Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel." type: boolean stability: development examples: [true] - id: tls.next_protocol brief: > String indicating the protocol being tunneled. Per the values in the [IANA registry](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. type: string stability: development examples: ["http/1.1"] - id: tls.protocol.name brief: > Normalized lowercase protocol name parsed from original string of the negotiated [SSL/TLS protocol version](https://docs.openssl.org/1.1.1/man3/SSL_get_version/#return-values) type: members: - id: ssl value: ssl stability: development - id: tls value: tls stability: development stability: development - id: tls.protocol.version brief: > Numeric part of the version parsed from the original string of the negotiated [SSL/TLS protocol version](https://docs.openssl.org/1.1.1/man3/SSL_get_version/#return-values) type: string stability: development examples: ["1.2", "3"] - id: tls.resumed brief: "Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation." type: boolean stability: development examples: [true] - id: tls.server.certificate type: string stability: development brief: > PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. examples: ["MII..."] - id: tls.server.certificate_chain type: string[] stability: development brief: > Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. examples: - ["MII...", "MI..."] - id: tls.server.hash.md5 type: string stability: development brief: > Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. examples: ["0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC"] - id: tls.server.hash.sha1 type: string stability: development brief: > Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. examples: ["9E393D93138888D288266C2D915214D1D1CCEB2A"] - id: tls.server.hash.sha256 type: string stability: development brief: > Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. examples: ["0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0"] - id: tls.server.issuer type: string stability: development brief: "Distinguished name of [subject](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6) of the issuer of the x.509 certificate presented by the client." examples: ["CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com"] - id: tls.server.ja3s type: string stability: development brief: "A hash that identifies servers based on how they perform an SSL/TLS handshake." examples: ["d4e5b18d6b55c71272893221c96ba240"] - id: tls.server.not_after type: string stability: development brief: "Date/Time indicating when server certificate is no longer considered valid." examples: ["2021-01-01T00:00:00.000Z"] - id: tls.server.not_before type: string stability: development brief: "Date/Time indicating when server certificate is first considered valid." examples: ["1970-01-01T00:00:00.000Z"] - id: tls.server.subject type: string stability: development brief: "Distinguished name of subject of the x.509 certificate presented by the server." examples: ["CN=myserver, OU=Documentation Team, DC=example, DC=com"]