diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2025-01-06 13:16:57 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-01-06 13:16:57 +0100 |
| commit | e77ff5ebd8981bf72c3981aeab3899850027973f (patch) | |
| tree | 9fc8c1ff2ac8294faed17503f79829d118f7715f /src/lib | |
| parent | cae9fb9989838f213eeb857b8fc4bbeac6940049 (diff) | |
TLS: fix `NDPI_TLS_WEAK_CIPHER` flow risk (#2647)
We should set it also for "obsolete"/"insecure" ciphers, not only for
the "weak" ones.
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/protocols/tls.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index b6fe9d7a6..ae28ab7a8 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -2302,7 +2302,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, return(0); /* Not found */ ja.server.num_ciphers = 1, ja.server.cipher[0] = ntohs(*((u_int16_t*)&packet->payload[offset])); - if((flow->protos.tls_quic.server_unsafe_cipher = ndpi_is_safe_ssl_cipher(ja.server.cipher[0])) == 1) { + if((flow->protos.tls_quic.server_unsafe_cipher = ndpi_is_safe_ssl_cipher(ja.server.cipher[0])) != NDPI_CIPHER_SAFE) { char str[64]; char unknown_cipher[8]; |