tls: avoid tls.invalid_handshake_message FP
authorVictor Julien <vjulien@oisf.net>
Mon, 22 Aug 2022 08:49:34 +0000 (10:49 +0200)
committerVictor Julien <vjulien@oisf.net>
Fri, 13 Jan 2023 11:33:02 +0000 (12:33 +0100)
Don't set TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE event on encrypted
handshake messages.

(cherry picked from commit cf4c201acbf6e9558e450a8dc76d12b48bf49b8d)

src/app-layer-ssl.c

index 113dd34fae2995d198014b6066b4951816463322..2a61c87544c0d42c44db9437ca9ddf48ac34e80d 100644 (file)
@@ -1623,7 +1623,13 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input
             input_len -= avail_record_len;
 
             SSLParserHSReset(ssl_state->curr_connp);
-            SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
+
+            if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
+                    (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
+                // after Change Cipher Spec we get Encrypted Handshake Messages
+            } else {
+                SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
+            }
             continue;
         }