In TLS/HTTPS traffic analysis without full decryption, which field can still provide valuable threat intelligence to an analyst?
-
A
The encrypted application data payload
-
B
The TLS certificate's Subject/CN field, SANs, and the Server Name Indication (SNI) extension
-
C
The session ticket contents used for TLS resumption
-
D
The HMAC values used for message authentication