From: Philippe Antoine <contact@catenacyber.fr>
Date: Wed, 10 Jul 2019 19:02:09 +0000 (+0200)
Subject: ssl: register probing for port 443 if no config
X-Git-Tag: suricata-5.0.0-rc1~180
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=477328f79b24896488de51aaa75f274e1ee5ed9b;p=thirdparty%2Fsuricata.git

ssl: register probing for port 443 if no config
---

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index ea384c8d1e..0adc077d86 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -2853,10 +2853,20 @@ void RegisterSSLParsers(void)
                                           STREAM_TOSERVER,
                                           SSLProbingParser, NULL);
         } else {
-            AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
-                                                proto_name, ALPROTO_TLS,
-                                                0, 3,
-                                                SSLProbingParser, NULL);
+            if (AppLayerProtoDetectPPParseConfPorts("tcp", IPPROTO_TCP,
+                                                    proto_name, ALPROTO_TLS,
+                                                    0, 3,
+                                                    SSLProbingParser, NULL) == 0) {
+                SCLogWarning(SC_ERR_MISSING_CONFIG_PARAM,
+                             "no TLS config found, "
+                             "enabling TLS detection on port 443.");
+                AppLayerProtoDetectPPRegister(IPPROTO_TCP,
+                                              "443",
+                                              ALPROTO_TLS,
+                                              0, 3,
+                                              STREAM_TOSERVER,
+                                              SSLProbingParser, NULL);
+            }
         }
     } else {
         SCLogInfo("Protocol detection and parser disabled for %s protocol",