Added valid TLS extensions that used to trigger invalid risks

author: Luca Deri <deri@ntop.org> 2025-02-27 20:19:39 +0100
committer: Luca Deri <deri@ntop.org> 2025-02-27 20:19:39 +0100
commit: b162e5406e5603a981b58f51808ba4f174617033 (patch)
tree: 101a68ffbf0ff597d81f6f34a3cbcfed382ff707 /src/lib/protocols/tls.c
parent: 5ba6c6a34be11d2b3d5fffd21e4c0ddf5a3c501d (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index a973074f6..a2f6213bc 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1994,7 +1994,9 @@ static void checkExtensions(struct ndpi_detection_module_struct *ndpi_struct,
       /* Ciphers */
       102, 129, 52243, 52244, 57363, 65279, 65413,
       /* ECH */
-      65037
+      65037,
+      /* ExtensionType value from draft-vvv-tls-alps. This is not an IANA defined extension number. */
+      17513, 17613
   };
   size_t const allowed_non_iana_extensions_size = sizeof(allowed_non_iana_extensions) /
     sizeof(allowed_non_iana_extensions[0]);
author	Luca Deri <deri@ntop.org>	2025-02-27 20:19:39 +0100
committer	Luca Deri <deri@ntop.org>	2025-02-27 20:19:39 +0100
commit	b162e5406e5603a981b58f51808ba4f174617033 (patch)
tree	101a68ffbf0ff597d81f6f34a3cbcfed382ff707 /src/lib/protocols/tls.c
parent	5ba6c6a34be11d2b3d5fffd21e4c0ddf5a3c501d (diff)