From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 19 Dec 2024 10:19:56 +0000 (+0100)
Subject: smtp: recognize if client initiated TLS
X-Git-Tag: suricata-8.0.0-beta1~546
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78715a5f3f71d1a6f414791833940093b9de368c;p=thirdparty%2Fsuricata.git

smtp: recognize if client initiated TLS

Ticket: 7469
---

diff --git a/src/app-layer-smtp.c b/src/app-layer-smtp.c
index b2bf22a531..472ef7b040 100644
--- a/src/app-layer-smtp.c
+++ b/src/app-layer-smtp.c
@@ -1699,7 +1699,7 @@ static AppProto SMTPServerProbingParser(
         return ALPROTO_UNKNOWN;
     }
     AppProto r = ALPROTO_UNKNOWN;
-    if (f->todstbytecnt > 4 && f->alproto_ts == ALPROTO_UNKNOWN) {
+    if (f->todstbytecnt > 4 && (f->alproto_ts == ALPROTO_UNKNOWN || f->alproto_ts == ALPROTO_TLS)) {
         // Only validates SMTP if client side is unknown
         // despite having received bytes.
         r = ALPROTO_SMTP;