smtp: recognize if client initiated TLS
authorPhilippe Antoine <pantoine@oisf.net>
Thu, 19 Dec 2024 10:19:56 +0000 (11:19 +0100)
committerVictor Julien <victor@inliniac.net>
Tue, 21 Jan 2025 17:36:33 +0000 (18:36 +0100)
Ticket: 7469

src/app-layer-smtp.c

index b2bf22a53145001ee0633e299f84590743da6942..472ef7b040e2f5d3dea003114ea6f9c71fcf5aac 100644 (file)
@@ -1699,7 +1699,7 @@ static AppProto SMTPServerProbingParser(
         return ALPROTO_UNKNOWN;
     }
     AppProto r = ALPROTO_UNKNOWN;
-    if (f->todstbytecnt > 4 && f->alproto_ts == ALPROTO_UNKNOWN) {
+    if (f->todstbytecnt > 4 && (f->alproto_ts == ALPROTO_UNKNOWN || f->alproto_ts == ALPROTO_TLS)) {
         // Only validates SMTP if client side is unknown
         // despite having received bytes.
         r = ALPROTO_SMTP;
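Review bot: The comment directly under the changed condition is now stale: it still says SMTP is validated only when the client side is unknown, while the new test also accepts `f->alproto_ts == ALPROTO_TLS`. I would reword it to something like `// Validate SMTP if the client side is unknown despite having sent bytes, or was already detected as TLS.` and add a short line on why TLS is let through, since the resulting flow carries TLS toward the server and SMTP toward the client. How that direction mismatch is reported is not visible here (SMTPServerProbingParser starts and ends outside the hunk), so it is worth confirming that it surfaces to detection as an app-layer event rather than being quietly parsed as SMTP.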