From b162e5406e5603a981b58f51808ba4f174617033 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Thu, 27 Feb 2025 20:19:39 +0100
Subject: Added valid TLS extensions that used to trigger invalid risks

---
 src/lib/protocols/tls.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib/protocols/tls.c')

diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index a973074f6..a2f6213bc 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1994,7 +1994,9 @@ static void checkExtensions(struct ndpi_detection_module_struct *ndpi_struct,
       /* Ciphers */
       102, 129, 52243, 52244, 57363, 65279, 65413,
       /* ECH */
-      65037
+      65037,
+      /* ExtensionType value from draft-vvv-tls-alps. This is not an IANA defined extension number. */
+      17513, 17613
   };
   size_t const allowed_non_iana_extensions_size = sizeof(allowed_non_iana_extensions) /
     sizeof(allowed_non_iana_extensions[0]);
-- 
cgit v1.2.3