Merge pull request #973 from IvanNardi/esni3

Add risk flag about suspicious ESNI usage
author: Luca Deri <lucaderi@users.noreply.github.com> 2020-08-06 10:18:27 +0200
committer: GitHub <noreply@github.com> 2020-08-06 10:18:27 +0200
commit: 95dfbdc64a48c3f8e57189499d5bb82b1b41ab09 (patch)
tree: 4a1c4691805eb789b9284ca574f9bd3f6cfc7262 /src/lib/protocols
parent: c2156a516193ada6fee37ab6b7a26f712ee02e14 (diff)
parent: 79b89d286605635f15edfe3c21297aaa3b5f3acf (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 5642ebdf0..f96745dc6 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1434,6 +1434,11 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 	      NDPI_SET_BIT(flow->risk, NDPI_TLS_NOT_CARRYING_HTTPS);
 	    }
 
+	    if(flow->protos.stun_ssl.ssl.encrypted_sni.esni &&
+	       flow->protos.stun_ssl.ssl.client_requested_server_name[0] != '\0') {
+	      NDPI_SET_BIT(flow->risk, NDPI_TLS_SUSPICIOUS_ESNI_USAGE);
+	    }
+
 	    return(2 /* Client Certificate */);
 	  } else {
 #ifdef DEBUG_TLS
author	Luca Deri <lucaderi@users.noreply.github.com>	2020-08-06 10:18:27 +0200
committer	GitHub <noreply@github.com>	2020-08-06 10:18:27 +0200
commit	95dfbdc64a48c3f8e57189499d5bb82b1b41ab09 (patch)
tree	4a1c4691805eb789b9284ca574f9bd3f6cfc7262 /src/lib/protocols
parent	c2156a516193ada6fee37ab6b7a26f712ee02e14 (diff)
parent	79b89d286605635f15edfe3c21297aaa3b5f3acf (diff)