Diffstat (limited to 'src')
-rw-r--r--src/include/ndpi_typedefs.h6
-rw-r--r--src/lib/ndpi_utils.c3
-rw-r--r--src/lib/protocols/tls.c6
3 files changed, 15 insertions, 0 deletions
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index febce1a25..3ae88d0b3 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -50,6 +50,11 @@ typedef enum {
ndpi_l2tp_tunnel,
} ndpi_packet_tunnel;
+/*
+ NOTE
+ When the typedef below is modified don't forget
+ to update ndpi_risk2str (in ndpi_utils.c)
+ */
typedef enum {
NDPI_NO_RISK = 0,
NDPI_URL_POSSIBLE_XSS,
@@ -66,6 +71,7 @@ typedef enum {
NDPI_HTTP_NUMERIC_IP_HOST,
NDPI_HTTP_SUSPICIOUS_URL,
NDPI_HTTP_SUSPICIOUS_HEADER,
+ NDPI_TLS_NOT_CARRYING_HTTPS,
/* Leave this as last member */
NDPI_MAX_RISK
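Review bot: The new `NDPI_TLS_NOT_CARRYING_HTTPS` member has no comment saying what condition raises it, and its name suggests more certainty than the detector has. Going by the tls.c hunk in this commit, it is set when a TLS >= 1.2 hello carries no ALPN, so a comment such as `/* TLS >= 1.2 hello seen without an ALPN extension (heuristic) */` next to the member would keep consumers from treating it as a confirmed finding. The member is also used as a bit index through `NDPI_SET_BIT(flow->risk, ...)`; the width of `flow->risk` is not visible here, so it is worth confirming that `NDPI_MAX_RISK` still fits in it. The enum body starts before this hunk and closes after it.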
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 00fb47dad..e2571f64b 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1495,6 +1495,9 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
case NDPI_HTTP_SUSPICIOUS_HEADER:
return("HTTP Suspicious Header");
+ case NDPI_TLS_NOT_CARRYING_HTTPS:
+ return("TLS (probably) not carrying HTTPS");
+
default:
snprintf(buf, sizeof(buf), "%d", (int)risk);
return(buf);
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 1abf494d5..26be13a6f 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1381,6 +1381,12 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
#endif
}
+ /* Before returning to the caller we need to make a final check */
+ if((flow->protos.stun_ssl.ssl.ssl_version >= 0x0303) /* >= TLSv1.2 */
+ && (flow->protos.stun_ssl.ssl.alpn == NULL) /* No ALPN */) {
+ NDPI_SET_BIT(flow->risk, NDPI_TLS_NOT_CARRYING_HTTPS);
+ }
+
return(2 /* Client Certificate */);
} else {
#ifdef DEBUG_TLS
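Review bot: The added condition tests only whether `alpn` is NULL, so it flags every TLS >= 1.2 client that omits ALPN (many non-browser HTTPS clients do) and stays silent for a flow whose ALPN names a non-HTTP protocol. The comment `Before returning to the caller we need to make a final check` does not say what is checked or why; something like `/* Heuristic: TLS >= 1.2 without ALPN is probably not HTTPS; ALPN content is not inspected */` would set expectations for anyone alerting on this risk. The `>= 0x0303` comparison has no upper bound, so if `ssl_version` can ever hold a DTLS or otherwise non-standard value above 0x0303 it would match too; that assignment is outside the hunk, so please confirm. Whether `alpn` is guaranteed to be populated by the time this return is reached (for example, if copying the extension fails) is also not visible here. processClientServerHello starts and ends outside the hunk.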