From: Shravan Rangarajuvenkata (shrarang)
Date: Mon, 26 Aug 2019 23:53:48 +0000 (-0400)
Subject: Merge pull request #1717 in SNORT/snort3 from ~KAMURTHI/snort3:TLSV13 to master
X-Git-Tag: 3.0.0-260~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cbb9979ab1a44c70bb3c720995559905c4d22e71;p=thirdparty%2Fsnort3.git
Merge pull request #1717 in SNORT/snort3 from ~KAMURTHI/snort3:TLSV13 to master
Squashed commit of the following:
commit 541a74e8d1c6a088dfd9971e433faaefdfcaed83
Author: Kanimozhi Murthi
Date: Wed Aug 21 07:07:48 2019 -0400
appid: handle 'change cipher spec' in 'server hello' to allow some app detection for tls 1.3 traffic
---
diff --git a/src/network_inspectors/appid/service_plugins/service_ssl.cc b/src/network_inspectors/appid/service_plugins/service_ssl.cc
index b28c7e409..e6437135c 100644
--- a/src/network_inspectors/appid/service_plugins/service_ssl.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ssl.cc
@@ -726,7 +726,8 @@ not_v2: ;
 hdr3 = (const ServiceSSLV3Hdr*)data;
 ver = ntohs(hdr3->version);
 if (size < sizeof(ServiceSSLV3Hdr) ||
- hdr3->type != SSL_HANDSHAKE ||
+ (hdr3->type != SSL_HANDSHAKE &&
+ hdr3->type != SSL_CHANGE_CIPHER ) ||
 (ver != 0x0300 &&
 ver != 0x0301 &&
 ver != 0x0302 &&
@@ -734,6 +735,8 @@ not_v2: ;
 {
 goto fail;
 }
+ if (hdr3->type == SSL_CHANGE_CIPHER)
+ goto success;
 data += sizeof(ServiceSSLV3Hdr);
 size -= sizeof(ServiceSSLV3Hdr);
 ss->tot_length = ntohs(hdr3->len);
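Review bot: Accepting `SSL_CHANGE_CIPHER` in this condition means a server record is judged on its type and version bytes alone, and the second hunk then jumps to `success` for it without looking at `hdr3->len` or the payload. A change-cipher-spec record has a fixed one-byte body, so any stream whose reply starts with that type byte and an accepted version would be labelled SSL, which makes the detector easier to misclassify. Consider rejecting malformed records before the success jump, e.g. `if (hdr3->type == SSL_CHANGE_CIPHER && ntohs(hdr3->len) != 1) goto fail;`. The enclosing function starts and ends outside the hunk, so whether earlier state already requires a preceding server hello is not visible here.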
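Review bot: The new early exit `if (hdr3->type == SSL_CHANGE_CIPHER) goto success;` has no comment saying why a change-cipher-spec record counts as a successful detection, and it is unbraced directly after the braced `{ goto fail; }` block. A short comment such as `// TLS 1.3: the handshake after change cipher spec is encrypted, so no certificate can be parsed; accept on the record header` would record the intent, and braces around `goto success;` would match the block above. What the `success` label does with an `ss` whose `tot_length` was never set on this path is outside the hunk and worth confirming.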