From 3506a0786482a47281444b66a7089f64ea2b439d Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Mon, 8 Jun 2020 14:20:10 +0200 Subject: Added check in TLS 1.2+ for reporting a risk when TLS is not used to carry HTTPS --- src/lib/ndpi_utils.c | 3 +++ src/lib/protocols/tls.c | 6 ++++++ 2 files changed, 9 insertions(+) (limited to 'src/lib') diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c index 00fb47dad..e2571f64b 100644 --- a/src/lib/ndpi_utils.c +++ b/src/lib/ndpi_utils.c @@ -1495,6 +1495,9 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) { case NDPI_HTTP_SUSPICIOUS_HEADER: return("HTTP Suspicious Header"); + case NDPI_TLS_NOT_CARRYING_HTTPS: + return("TLS (probably) not carrying HTTPS"); + default: snprintf(buf, sizeof(buf), "%d", (int)risk); return(buf); diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c index 1abf494d5..26be13a6f 100644 --- a/src/lib/protocols/tls.c +++ b/src/lib/protocols/tls.c @@ -1381,6 +1381,12 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct, #endif } + /* Before returning to the caller we need to make a final check */ + if((flow->protos.stun_ssl.ssl.ssl_version >= 0x0303) /* >= TLSv1.2 */ + && (flow->protos.stun_ssl.ssl.alpn == NULL) /* No ALPN */) { + NDPI_SET_BIT(flow->risk, NDPI_TLS_NOT_CARRYING_HTTPS); + } + return(2 /* Client Certificate */); } else { #ifdef DEBUG_TLS -- cgit v1.2.3