authorFS <181785897+kriztalz@users.noreply.github.com>2025-05-19 21:20:32 +0200
committerGitHub <noreply@github.com>2025-05-19 21:20:32 +0200
commitf8869cd670adc439cc41bde0bd04960e1befafc5 (patch)
tree6be42155a6b7cc195cecc952597587d30d7f1577 /src/lib/protocols/tls.c
parentfd89c81b83ac215ba838b66c57f5a6beee2dec6a (diff)
Remove duplicate ALPS extension (#2821)
* Removed dupe extension * Removed ECH from suspicious extensions
Diffstat (limited to 'src/lib/protocols/tls.c')
-rw-r--r--src/lib/protocols/tls.c9
1 files changed, 4 insertions, 5 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index c2f7f37f6..0fd2f1e26 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1998,7 +1998,7 @@ static void checkExtensions(struct ndpi_detection_module_struct *ndpi_struct,
/* see: https://www.wireshark.org/docs/wsar_html/packet-tls-utils_8h_source.html */
static u_int16_t const allowed_non_iana_extensions[] = {
- /* 65486 ESNI is suspicious nowadays */ 13172 /* NPN - Next Proto Neg */, 17513 /* ALPS */,
+ /* 65486 ESNI is suspicious nowadays */ 13172 /* NPN - Next Proto Neg */,
30032 /* Channel ID */, 65445 /* QUIC transport params */,
/* GREASE extensions */
2570, 6682, 10794, 14906, 19018, 23130, 27242,
@@ -2008,16 +2008,15 @@ static void checkExtensions(struct ndpi_detection_module_struct *ndpi_struct,
1035, 10794, 16696, 23130, 31354, 35466, 51914,
/* Ciphers */
102, 129, 52243, 52244, 57363, 65279, 65413,
- /* ECH */
- 65037,
- /* ExtensionType value from draft-vvv-tls-alps. This is not an IANA defined extension number. */
+ /* ALPS */
17513, 17613
};
size_t const allowed_non_iana_extensions_size = sizeof(allowed_non_iana_extensions) /
sizeof(allowed_non_iana_extensions[0]);
/* see: https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml */
- if(extension_id > 59 && extension_id != 65281)
+ /* 65281 renegotiation_info, 65037 ECH */
+ if(extension_id > 59 && extension_id != 65281 && extension_id != 65037)
{
u_int8_t extension_found = 0;
size_t i;
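Review bot: The ECH exemption is added as a second bare literal in the `if` at the end of this hunk, so the check now has two allowlists to keep in sync: the `allowed_non_iana_extensions[]` table and the condition `extension_id != 65281 && extension_id != 65037`. Named constants would make the intent easier to audit, for example `#define TLS_EXT_RENEGOTIATION_INFO 65281` and `#define TLS_EXT_ECH 65037` (names are only a suggestion), with the comment stating that both are IANA-assigned values above 59. As far as the visible lines show, 65037 moves from the table into the condition, so ECH is skipped by this check both before and after the change. Whether ECH presence is reported anywhere else is not visible here, and it is worth confirming for deployments that depend on SNI visibility. The body of the `if` continues outside the hunk.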