TLS Risks - Certificate Validity Too Long (#1239)

* Added flow risk: TLS certificate too long * Added flow risk: TLS certificate too long * Date for TLS limit added * TLS certificate check fixed Co-authored-by: pacant <a.pace97@outlook.com>
author: pacant <pacant2@gmail.com> 2021-07-14 11:13:22 +0200
committer: GitHub <noreply@github.com> 2021-07-14 11:13:22 +0200
commit: 19a29e1e228f4a821c7ce89be064f70d80f4282a (patch)
tree: 20eab205da8fff9108fe83ee8a088f92ef02f553 /wireshark/ndpi.lua
parent: c411df523e7e418a9bd9074768308e86370f5aa4 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/wireshark/ndpi.lua b/wireshark/ndpi.lua
index f0fef9dd2..52f7051b4 100644
--- a/wireshark/ndpi.lua
+++ b/wireshark/ndpi.lua
@@ -68,6 +68,7 @@ flow_risks[28] = ProtoField.bool("ndpi.flow_risk.possibly_malicious_ja3", "Possi
 flow_risks[29] = ProtoField.bool("ndpi.flow_risk.possibly_malicious_ssl_certificate_sha1", "Possibly Malicious SSL Certificate SHA1 Fingerprint", num_bits_flow_risks, nil, bit(29), "nDPI Flow Risk: Possibly Malicious SSL Certificate SHA1 Fingerprint")
 flow_risks[30] = ProtoField.bool("ndpi.flow_risk.desktop_file_sharing_session", "Desktop/File Sharing Session", num_bits_flow_risks, nil, bit(30), "nDPI Flow Risk: Desktop/File Sharing Session")
 flow_risks[31] = ProtoField.bool("ndpi.flow_risk.uncommon_tls_alpn", "Uncommon TLS ALPN", num_bits_flow_risks, nil, bit(31), "nDPI Flow Risk: Uncommon TLS ALPN")
+flow_risks[32] = ProtoField.bool("ndpi.flow_risk.cert_validity_too_long", "TLS certificate validity longer than 13 months", num_bits_flow_risks, nil, bit(32), "nDPI Flow Risk: TLS certificate validity longer than 13 months")
 for _,v in pairs(flow_risks) do
   ndpi_fds[#ndpi_fds + 1] = v
 end
author	pacant <pacant2@gmail.com>	2021-07-14 11:13:22 +0200
committer	GitHub <noreply@github.com>	2021-07-14 11:13:22 +0200
commit	19a29e1e228f4a821c7ce89be064f70d80f4282a (patch)
tree	20eab205da8fff9108fe83ee8a088f92ef02f553 /wireshark/ndpi.lua
parent	c411df523e7e418a9bd9074768308e86370f5aa4 (diff)