From 10576eab0a9c80ecf242598b5d193a40cf41b9f3 Mon Sep 17 00:00:00 2001
From: Luca Deri <deri@ntop.org>
Date: Tue, 5 Oct 2021 16:44:04 +0200
Subject: TLS obsolete protocol is set when TLS < 1.2 (used to be 1.1)

---
 src/lib/ndpi_utils.c    | 2 +-
 src/lib/protocols/tls.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index f969c6c59..9839d8863 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1697,7 +1697,7 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
     return("Self-signed Certificate");
 
   case NDPI_TLS_OBSOLETE_VERSION:
-    return("Obsolete TLS version (older than 1.1)");
+    return("Obsolete TLS version (older than 1.2)");
 
   case NDPI_TLS_WEAK_CIPHER:
     return("Weak TLS cipher");
diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index aac8798b3..2d9d517cc 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -1495,7 +1495,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
       ja3.client.alpn[0] = '\0';
 
       flow->protos.tls_quic_stun.tls_quic.ssl_version = ja3.client.tls_handshake_version = tls_version;
-      if(flow->protos.tls_quic_stun.tls_quic.ssl_version < 0x0302) /* TLSv1.1 */
+      if(flow->protos.tls_quic_stun.tls_quic.ssl_version < 0x0303) /* < TLSv1.2 */
 	ndpi_set_risk(ndpi_struct, flow, NDPI_TLS_OBSOLETE_VERSION);
 
       if((session_id_len+base_offset+3) > packet->payload_packet_len)
-- 
cgit v1.2.3