Merge pull request #1717 in SNORT/snort3 from ~KAMURTHI/snort3:TLSV13 to master

author Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>

Mon, 26 Aug 2019 23:53:48 +0000 (19:53 -0400)

committer Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>

Mon, 26 Aug 2019 23:53:48 +0000 (19:53 -0400)
author Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Mon, 26 Aug 2019 23:53:48 +0000 (19:53 -0400)
committer Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Mon, 26 Aug 2019 23:53:48 +0000 (19:53 -0400)
diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc

index b28c7e409550b417b5af6184ee4fcf46192851c8..e6437135cfa0c712183c45ac23be754a69e2c71f 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_ssl.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc
@@ -726,7 +726,8 @@ not_v2:     ;
                      hdr3 = (const ServiceSSLV3Hdr*)data;
                      ver = ntohs(hdr3->version);
                      if (size < sizeof(ServiceSSLV3Hdr) ||
-                        hdr3->type != SSL_HANDSHAKE ||
+                        (hdr3->type != SSL_HANDSHAKE &&
+                        hdr3->type != SSL_CHANGE_CIPHER ) ||
                          (ver != 0x0300 &&
                          ver != 0x0301 &&
                          ver != 0x0302 &&
@@ -734,6 +735,8 @@ not_v2:     ;
                      {
                          goto fail;
                      }
+                    if (hdr3->type == SSL_CHANGE_CIPHER)
+                        goto success;
                      data += sizeof(ServiceSSLV3Hdr);
                      size -= sizeof(ServiceSSLV3Hdr);
                      ss->tot_length = ntohs(hdr3->len);
author	Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
	Mon, 26 Aug 2019 23:53:48 +0000 (19:53 -0400)
committer	Shravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
	Mon, 26 Aug 2019 23:53:48 +0000 (19:53 -0400)