Added risk: TLS_EXTENSION_SUSPICIOUS (#1252)

* validates client/server hello TLS extensions * inspects content for some extensions Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni <matzeton@googlemail.com> 2021-07-19 16:23:24 +0200
committer: GitHub <noreply@github.com> 2021-07-19 16:23:24 +0200
commit: 32275543c421eae55fd98a5a98e00059a0407953 (patch)
tree: 758cb9fdcb089880248cbb8e6f86f1482eb0099b /src/lib/ndpi_main.c
parent: 57b8969a3d30cfdefe54fc46f4d5552d76bd1b82 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index e1496b2d4..a9dc54aa1 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -103,6 +103,7 @@ static ndpi_risk_info ndpi_known_risks[] = {
   { NDPI_DESKTOP_OR_FILE_SHARING_SESSION,       NDPI_RISK_LOW,    CLIENT_FAIR_RISK_PERCENTAGE },
   { NDPI_TLS_UNCOMMON_ALPN,                     NDPI_RISK_MEDIUM, CLIENT_HIGH_RISK_PERCENTAGE },
   { NDPI_TLS_CERT_VALIDITY_TOO_LONG,            NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE },
+  { NDPI_TLS_EXTENSION_SUSPICIOUS,              NDPI_RISK_HIGH,   CLIENT_HIGH_RISK_PERCENTAGE },
 
   /* Leave this as last member */
   { NDPI_MAX_RISK,                              NDPI_RISK_LOW,    CLIENT_FAIR_RISK_PERCENTAGE }
author	Toni <matzeton@googlemail.com>	2021-07-19 16:23:24 +0200
committer	GitHub <noreply@github.com>	2021-07-19 16:23:24 +0200
commit	32275543c421eae55fd98a5a98e00059a0407953 (patch)
tree	758cb9fdcb089880248cbb8e6f86f1482eb0099b /src/lib/ndpi_main.c
parent	57b8969a3d30cfdefe54fc46f4d5552d76bd1b82 (diff)