diff --git a/src/analyzer/protocol/ssl/spicy/SSL.spicy b/src/analyzer/protocol/ssl/spicy/SSL.spicy
index f89b81b191..848ad06a45 100644
--- a/src/analyzer/protocol/ssl/spicy/SSL.spicy
+++ b/src/analyzer/protocol/ssl/spicy/SSL.spicy
@@ -721,7 +721,7 @@ type SSL2Record = unit(lengthone: uint8, inout msg: Message, inout sh: Share) {
 on %init {
 if (sh.negotiated_version != UNKNOWN_VERSION && sh.negotiated_version != SSLv2) {
- spicy::decline_input("Late switch to SSLv2 record");
+ throw "Late switch to SSLv2 record";
 }
 }
 };
@@ -971,7 +971,7 @@ type uint24 = unit {
 type SSL2ClientHello = unit(len: uint64, msg: Message, inout sh: Share) {
 direction_check: DirectionCheck(sh, True); # should be sent by originator
- client_version: uint16;
+ client_version: uint16 &requires=($$ == SSLv2 || $$ == SSLv3 || $$ == TLSv10 || $$ == TLSv11 || $$ == TLSv12 : "Invalid version in SSL client hello. Version: %s" % $$);
 ciphers_len: uint16;
 session_len: uint16;
 chal_len: uint16;
@@ -979,16 +979,9 @@ type SSL2ClientHello = unit(len: uint64, msg: Message, inout sh: Share) {
 session_id: bytes &size=self.session_len;
 challenge: bytes &size=self.chal_len;
- on client_version {
- if (self.client_version != SSLv2 && self.client_version != SSLv3 && self.client_version != TLSv10 && self.client_version != TLSv11 && self.client_version != TLSv12) {
- spicy::decline_input("Invalid version in SSL client hello. Version: %s, self.client_version"); # Version: " + self.client_version);
- zeek::skip_input();
- }
- }
-
 on %init {
 if (msg.first_packet == False) {
- spicy::decline_input("SSLv2 client hello late in connection");
+ throw "SSLv2 client hello late in connection";
 }
 }
 };
@@ -1007,7 +1000,7 @@ type SSL2ServerHello = unit(len: uint64, msg: Message, inout sh: Share) {
 on %init {
 if (msg.first_packet == False) {
- spicy::decline_input("SSLv2 server hello late in connection");
+ throw "SSLv2 server hello late in connection";
 }
 }
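Review bot: The thrown message `"Late switch to SSLv2 record"` in the SSL2Record `%init` hook carries no information about which version had been negotiated, so the resulting analyzer violation is harder to triage than it needs to be; the ClientHello hunk in this same commit already formats the offending value with `%s`, and the same works here: `throw "Late switch to SSLv2 record (negotiated version %s)" % sh.negotiated_version;` (assuming `negotiated_version` renders sensibly with `%s`, which the hunk does not show). Whether swapping `spicy::decline_input` for `throw` changes what the Zeek host observes (analyzer quietly detached versus a protocol violation being reported) is not visible from the hunk, and the same substitution is made in the SSL2ClientHello and SSL2ServerHello hooks below; a one-line comment on this hook recording the intended outcome, e.g. `# A parse error here is reported as a protocol violation and disables the analyzer`, would stop the next reader from wondering why the helper was dropped, if that is indeed the behaviour. The enclosing unit `SSL2Record` starts outside the hunk.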
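Review bot: The new `&requires` on `client_version` is a five-way `||` chain whose intent, the set of versions an SSLv2-format ClientHello is allowed to advertise, is only recoverable by reading every term, and the absence of TLS 1.3 from the list is easy to mistake for an oversight. If that omission is deliberate, a comment directly above the field such as `# SSLv2-format hellos may advertise SSLv2 through TLS 1.2; anything else is rejected as a parse error` makes the whitelist self-explaining; if it is not, the list needs revisiting before the analyzer starts rejecting legitimate hellos. The message formats `$$` with `%s`, which presumably prints the raw integer rather than a version name; that is fine for triage as long as the surrounding logging makes it clear the value is the wire version. The enclosing unit `SSL2ClientHello` continues past the hunk.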
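Review bot: The removed `on client_version` hook called `zeek::skip_input()` after declining the input, and neither the `&requires` that replaces it on the `client_version` field (previous hunk) nor the `throw` in the `%init` hook here has a counterpart for that call. If `skip_input` was there to stop the rest of the connection from being fed to this parser after a malformed or late hello, it is worth confirming that a parse error raised from `&requires` or `throw` has the same effect in the Zeek host; if it does, a comment on the `on %init` hook such as `# Parse errors disable the analyzer for the rest of the connection, so no explicit skip_input() is needed` records the assumption, and if it does not, the explicit skip should be restored alongside the `throw`. The hook and the unit's closing `};` are both inside the hunk.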