vrr/nDPI
2
0
Fork 0
mirror of https://github.com/vel21ripn/nDPI.git synced 2026-05-06 03:45:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

TLS: be sure to always set ssl_version field (#1806)

Browse source 
Useful with asymmetric traffic with (D)TLS <= 1.2
This commit is contained in:
Ivan Nardi 2022-11-22 16:13:28 +01:00 committed by GitHub
parent 4231f48059
commit 2b65a4e05e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/lib/protocols/tls.c
View file

@ -1656,6 +1656,11 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
i += 4 + extension_len, offset += 4 + extension_len;
} /* for */
/* If the CH is not available and if "supported_versions" extension is not present in the SH
(i.e. (D)TLS <= 1.2), use the version field present in the record layer */
if(flow->protos.tls_quic.ssl_version == 0)
flow->protos.tls_quic.ssl_version = tls_version;
ja3_str_len = ndpi_snprintf(ja3_str, JA3_STR_LEN, "%u,", ja3.server.tls_handshake_version);
for(i=0; (i<ja3.server.num_cipher) && (JA3_STR_LEN > ja3_str_len); i++) {