Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS

author: Luca Deri <deri@ntop.org> 2020-06-08 14:20:10 +0200
committer: Luca Deri <deri@ntop.org> 2020-06-08 14:20:10 +0200
commit: 3506a0786482a47281444b66a7089f64ea2b439d (patch)
tree: 8bc0fbd6db0fbebf180f78b3b282fc6db66ada42 /src/lib
parent: d318285caec168b2b8a813845ae7b93b7e078aa3 (diff)
2 files changed, 9 insertions, 0 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 00fb47dad..e2571f64b 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1495,6 +1495,9 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
   case NDPI_HTTP_SUSPICIOUS_HEADER:
     return("HTTP Suspicious Header");
     
+  case NDPI_TLS_NOT_CARRYING_HTTPS:
+    return("TLS (probably) not carrying HTTPS");
+    
   default:
     snprintf(buf, sizeof(buf), "%d", (int)risk);
     return(buf);
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 1abf494d5..26be13a6f 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1381,6 +1381,12 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 #endif
 	    }
 
+	    /* Before returning to the caller we need to make a final check */
+	    if((flow->protos.stun_ssl.ssl.ssl_version >= 0x0303) /* >= TLSv1.2 */
+	       && (flow->protos.stun_ssl.ssl.alpn == NULL) /* No ALPN */) {
+	      NDPI_SET_BIT(flow->risk, NDPI_TLS_NOT_CARRYING_HTTPS);
+	    }
+
 	    return(2 /* Client Certificate */);
 	  } else {
 #ifdef DEBUG_TLS
author	Luca Deri <deri@ntop.org>	2020-06-08 14:20:10 +0200
committer	Luca Deri <deri@ntop.org>	2020-06-08 14:20:10 +0200
commit	3506a0786482a47281444b66a7089f64ea2b439d (patch)
tree	8bc0fbd6db0fbebf180f78b3b282fc6db66ada42 /src/lib
parent	d318285caec168b2b8a813845ae7b93b7e078aa3 (diff)