Added TLS weak cipher and obsolete protocol version detection

author: Luca Deri <deri@ntop.org> 2020-05-10 21:55:35 +0200
committer: Luca Deri <deri@ntop.org> 2020-05-10 21:55:35 +0200
commit: ee15c6149db30b64c63a9009a3c4ef24280495a6 (patch)
tree: a27b344555ac7fabb208cdc02c2d64842d71fc2c /src/lib/protocols/tls.c
parent: ae803c8b51dec9e31e99cb37cd64bd968b314669 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 655d61ed6..3de9bbb83 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -839,7 +839,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 
     tls_version = ntohs(*((u_int16_t*)&packet->payload[version_offset]));
     flow->protos.stun_ssl.ssl.ssl_version = ja3.tls_handshake_version = tls_version;
-
+    if(flow->protos.stun_ssl.ssl.ssl_version < 0x0302) /* TLSv1.1 */
+      NDPI_SET_BIT_16(flow->risk, NDPI_TLS_OBSOLETE_VERSION);
+    
     if(handshake_type == 0x02 /* Server Hello */) {
       int i, rc;
 
@@ -862,7 +864,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 	return(0); /* Not found */
 
       ja3.num_cipher = 1, ja3.cipher[0] = ntohs(*((u_int16_t*)&packet->payload[offset]));
-      flow->protos.stun_ssl.ssl.server_unsafe_cipher = ndpi_is_safe_ssl_cipher(ja3.cipher[0]);
+      if((flow->protos.stun_ssl.ssl.server_unsafe_cipher = ndpi_is_safe_ssl_cipher(ja3.cipher[0])) == 1)
+	NDPI_SET_BIT_16(flow->risk, NDPI_TLS_WEAK_CIPHER);
+      
       flow->protos.stun_ssl.ssl.server_cipher = ja3.cipher[0];
 
 #ifdef DEBUG_TLS
author	Luca Deri <deri@ntop.org>	2020-05-10 21:55:35 +0200
committer	Luca Deri <deri@ntop.org>	2020-05-10 21:55:35 +0200
commit	ee15c6149db30b64c63a9009a3c4ef24280495a6 (patch)
tree	a27b344555ac7fabb208cdc02c2d64842d71fc2c /src/lib/protocols/tls.c
parent	ae803c8b51dec9e31e99cb37cd64bd968b314669 (diff)