diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2025-03-25 16:59:32 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-03-25 16:59:32 +0100 |
| commit | a8ddc4d368a17eeb4d466dbcb6996d1630aee50d (patch) | |
| tree | cc5aa13aec5a93bb0e9abde3467ba69f4f574850 /src/lib/ndpi_main.c | |
| parent | f2be78561b3382b0be4b79dd55bbde6d5047ba1d (diff) | |
Remove `NDPI_TLS_SUSPICIOUS_ESNI_USAGE` flow risk (#2778)
That flow risk was introduced in 79b89d286605635f15edfe3c21297aaa3b5f3acf
but we can now use the generic `NDPI_TLS_SUSPICIOUS_EXTENSION` instead:
ESNI is quite suspicious nowadays in itself (i.e. even without SNI).
Note that ESNI support has been removed in cae9fb9989838f213eeb857b8fc4bbeac6940049
Diffstat (limited to 'src/lib/ndpi_main.c')
| -rw-r--r-- | src/lib/ndpi_main.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c index 96610affc..5df5f36ae 100644 --- a/src/lib/ndpi_main.c +++ b/src/lib/ndpi_main.c @@ -171,7 +171,7 @@ static ndpi_risk_info ndpi_known_risks[] = { { NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, { NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER, NDPI_RISK_MEDIUM, CLIENT_LOW_RISK_PERCENTAGE, NDPI_SERVER_ACCOUNTABLE }, { NDPI_SMB_INSECURE_VERSION, NDPI_RISK_HIGH, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, - { NDPI_TLS_SUSPICIOUS_ESNI_USAGE, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, + { NDPI_FREE_21, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, { NDPI_UNSAFE_PROTOCOL, NDPI_RISK_LOW, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_BOTH_ACCOUNTABLE }, { NDPI_DNS_SUSPICIOUS_TRAFFIC, NDPI_RISK_MEDIUM, CLIENT_HIGH_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, { NDPI_TLS_MISSING_SNI, NDPI_RISK_MEDIUM, CLIENT_FAIR_RISK_PERCENTAGE, NDPI_CLIENT_ACCOUNTABLE }, |