if (!(HAS_SPACE(supported_ver_len)))
goto invalid_length;
- /* Use the first (and prefered) version as client version */
- ssl_state->curr_connp->version = *input << 8 | *(input + 1);
+ /* Use the first (and prefered) valid version as client version,
+ * skip over GREASE and other possible noise. */
+ uint16_t i = 0;
+ while (i < (uint16_t)supported_ver_len) {
+ uint16_t ver = (uint16_t)(input[i] << 8) | input[i + 1];
+ if (TLSVersionValid(ver)) {
+ ssl_state->curr_connp->version = ver;
+ break;
+ }
+ i += 2;
+ }
/* Set a flag to indicate that we have seen this extension */
ssl_state->flags |= SSL_AL_FLAG_CH_VERSION_EXTENSION;
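Review bot: The added loop can read one byte past the version list when `supported_ver_len` is odd: the last iteration passes `i < (uint16_t)supported_ver_len` with `i == supported_ver_len - 1`, and `input[i + 1]` then lies outside the range that `HAS_SPACE(supported_ver_len)` checked. The length presumably comes from the peer's extension data, so the bound should require a complete two-byte entry, `while (i + 1 < (uint16_t)supported_ver_len) {`, or odd lengths should be sent to `invalid_length` before the loop. When no entry passes `TLSVersionValid()`, the connection's version is left as it was while `SSL_AL_FLAG_CH_VERSION_EXTENSION` is still set; a comment such as `/* no valid version offered: keep the previously parsed version */` would record whether that is intended. The enclosing function starts and ends outside the hunk.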