diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/include/ndpi_typedefs.h | 2 | ||||
| -rw-r--r-- | src/lib/ndpi_utils.c | 8 | ||||
| -rw-r--r-- | src/lib/protocols/tls.c | 8 |
3 files changed, 15 insertions, 3 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h index 4751c37ac..54e08ea11 100644 --- a/src/include/ndpi_typedefs.h +++ b/src/include/ndpi_typedefs.h @@ -58,6 +58,8 @@ typedef enum { NDPI_BINARY_APPLICATION_TRANSFER, NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT, NDPI_TLS_SELFSIGNED_CERTIFICATE, + NDPI_TLS_OBSOLETE_VERSION, + NDPI_TLS_WEAK_CIPHER, /* Leave this as last member */ NDPI_MAX_RISK diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 2fa21e220..bcdcbb9c6 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1425,7 +1425,13 @@ const char* ndpi_risk2str(ndpi_risk risk) { case NDPI_TLS_SELFSIGNED_CERTIFICATE: return("Self-signed Certificate"); - + + case NDPI_TLS_OBSOLETE_VERSION: + return("Obsolete TLS version (< 1.1)"); + + case NDPI_TLS_WEAK_CIPHER: + return("Weak TLS cipher"); + default: return(""); } diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 655d61ed6..3de9bbb83 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -839,7 +839,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, tls_version = ntohs(*((u_int16_t*)&packet->payload[version_offset])); flow->protos.stun_ssl.ssl.ssl_version = ja3.tls_handshake_version = tls_version; - + if(flow->protos.stun_ssl.ssl.ssl_version < 0x0302) /* TLSv1.1 */ + NDPI_SET_BIT_16(flow->risk, NDPI_TLS_OBSOLETE_VERSION); + if(handshake_type == 0x02 /* Server Hello */) { int i, rc; @@ -862,7 +864,9 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, return(0); /* Not found */ ja3.num_cipher = 1, ja3.cipher[0] = ntohs(*((u_int16_t*)&packet->payload[offset])); - flow->protos.stun_ssl.ssl.server_unsafe_cipher = ndpi_is_safe_ssl_cipher(ja3.cipher[0]); + if((flow->protos.stun_ssl.ssl.server_unsafe_cipher = ndpi_is_safe_ssl_cipher(ja3.cipher[0])) == 1) + NDPI_SET_BIT_16(flow->risk, NDPI_TLS_WEAK_CIPHER); + flow->protos.stun_ssl.ssl.server_cipher = ja3.cipher[0]; #ifdef DEBUG_TLS |