Implements #705

3 files changed, 30 insertions, 9 deletions

diff --git a/example/ndpiReader.c b/example/ndpiReader.c
index 216b4d9ab..ec9f22d15 100644
--- a/example/ndpiReader.c
+++ b/example/ndpiReader.c
@@ -749,6 +749,22 @@ char* intoaV4(u_int32_t addr, char* buf, u_int16_t bufLen) {
 
 /* ********************************** */
 
+static char* print_cipher(u_int8_t c) {
+  switch(c) {
+  case NDPI_CIPHER_INSECURE:
+    return(" (INSECURE)");
+    break;
+
+  case NDPI_CIPHER_WEAK:
+    return(" (WEAK)");
+    break;
+
+  default:
+    return("");
+  }
+}
+/* ********************************** */
+
 /**
  * @brief Print the flow
  */
@@ -800,14 +816,16 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
 	    flow->dst2src_packets, (long long unsigned int) flow->dst2src_bytes);
 
     if(flow->host_server_name[0] != '\0') fprintf(out, "[Host: %s]", flow->host_server_name);
-    
+
     if(flow->info[0] != '\0') fprintf(out, "[%s]", flow->info);
 
-    
-    if(flow->ssh_ssl.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s]", flow->ssh_ssl.ja3_client);    
+
+    if(flow->ssh_ssl.ja3_client[0] != '\0') fprintf(out, "[JA3C: %s%s]", flow->ssh_ssl.ja3_client,
+						    print_cipher(flow->ssh_ssl.client_unsafe_cipher));
     if(flow->ssh_ssl.server_info[0] != '\0') fprintf(out, "[server: %s]", flow->ssh_ssl.server_info);
-    
-    if(flow->ssh_ssl.ja3_server[0] != '\0') fprintf(out, "[JA3S: %s]", flow->ssh_ssl.ja3_server);
+
+    if(flow->ssh_ssl.ja3_server[0] != '\0') fprintf(out, "[JA3S: %s%s]", flow->ssh_ssl.ja3_server,
+						    print_cipher(flow->ssh_ssl.server_unsafe_cipher));
     if(flow->ssh_ssl.server_organization[0] != '\0') fprintf(out, "[organization: %s]", flow->ssh_ssl.server_organization);
     if(flow->bittorent_hash[0] != '\0') fprintf(out, "[BT Hash: %s]", flow->bittorent_hash);
 
@@ -856,13 +874,13 @@ static void printFlow(u_int16_t id, struct ndpi_flow_info *flow, u_int16_t threa
 
       if(flow->ssh_ssl.ja3_server[0] != '\0')
 	json_object_object_add(jObj,"ja3s",json_object_new_string(flow->ssh_ssl.ja3_server));
-      
+
       if(flow->ssh_ssl.ja3_client[0] != '\0')
 	json_object_object_add(jObj,"ja3c",json_object_new_string(flow->ssh_ssl.ja3_client));
-      
+
       if(flow->ja3_server[0] != '\0')
 	json_object_object_add(jObj,"host.server.ja3",json_object_new_string(flow->ja3_server));
-      
+
       if(flow->ssh_ssl.client_info[0] != '\0')
 	json_object_object_add(sjObj, "client", json_object_new_string(flow->ssh_ssl.client_info));
 
diff --git a/example/ndpi_util.c b/example/ndpi_util.c
index da7a87bdb..92d8dca80 100644
--- a/example/ndpi_util.c
+++ b/example/ndpi_util.c
@@ -572,6 +572,8 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 	       flow->ndpi_flow->protos.stun_ssl.ssl.ja3_client);
       snprintf(flow->ssh_ssl.ja3_server, sizeof(flow->ssh_ssl.ja3_server), "%s",
 	       flow->ndpi_flow->protos.stun_ssl.ssl.ja3_server);
+      flow->ssh_ssl.client_unsafe_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.client_unsafe_cipher;
+      flow->ssh_ssl.server_unsafe_cipher = flow->ndpi_flow->protos.stun_ssl.ssl.server_unsafe_cipher;
     }
   }
 
@@ -684,7 +686,7 @@ static struct ndpi_proto packet_processing(struct ndpi_workflow * workflow,
     /* New protocol detected or give up */
     flow->detection_completed = 1;
     /* Check if we should keep checking extra packets */
-    if(ndpi_flow->check_extra_packets)
+    if(ndpi_flow && ndpi_flow->check_extra_packets)
       flow->check_extra_packets = 1;
 
     if(flow->detected_protocol.app_protocol == NDPI_PROTOCOL_UNKNOWN)
diff --git a/example/ndpi_util.h b/example/ndpi_util.h
index 57772455f..d5a46735c 100644
--- a/example/ndpi_util.h
+++ b/example/ndpi_util.h
@@ -99,6 +99,7 @@ typedef struct ndpi_flow_info {
   struct {
     char client_info[64], server_info[64], server_organization[64],
       ja3_client[33], ja3_server[33];
+    u_int8_t client_unsafe_cipher:2, server_unsafe_cipher:2, _pad:4;
   } ssh_ssl;
 
   void *src_id, *dst_id;