TLS obsolete protocol is set when TLS < 1.2 (used to be 1.1)

author: Luca Deri <deri@ntop.org> 2021-10-05 16:44:04 +0200
committer: Luca Deri <deri@ntop.org> 2021-10-05 16:44:56 +0200
commit: 10576eab0a9c80ecf242598b5d193a40cf41b9f3 (patch)
tree: f1b19bf1baa04215c9ba7da43e6a6e83e54a6c0e
parent: 730c2360bd7c7df7c284f74cd0d56b52a553c03b (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index f969c6c59..9839d8863 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1697,7 +1697,7 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
     return("Self-signed Certificate");
 
   case NDPI_TLS_OBSOLETE_VERSION:
-    return("Obsolete TLS version (older than 1.1)");
+    return("Obsolete TLS version (older than 1.2)");
 
   case NDPI_TLS_WEAK_CIPHER:
     return("Weak TLS cipher");
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index aac8798b3..2d9d517cc 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1495,7 +1495,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
       ja3.client.alpn[0] = '\0';
 
       flow->protos.tls_quic_stun.tls_quic.ssl_version = ja3.client.tls_handshake_version = tls_version;
-      if(flow->protos.tls_quic_stun.tls_quic.ssl_version < 0x0302) /* TLSv1.1 */
+      if(flow->protos.tls_quic_stun.tls_quic.ssl_version < 0x0303) /* < TLSv1.2 */
 	ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_OBSOLETE_VERSION);
 
       if((session_id_len+base_offset+3) > packet->payload_packet_len)
author	Luca Deri <deri@ntop.org>	2021-10-05 16:44:04 +0200
committer	Luca Deri <deri@ntop.org>	2021-10-05 16:44:56 +0200
commit	10576eab0a9c80ecf242598b5d193a40cf41b9f3 (patch)
tree	f1b19bf1baa04215c9ba7da43e6a6e83e54a6c0e
parent	730c2360bd7c7df7c284f74cd0d56b52a553c03b (diff)