Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/topic/johanna/fix-ssl2-client-hello-version-parsing'

Browse source 
* origin/topic/johanna/fix-ssl2-client-hello-version-parsing:
  Fix parsing of version field in SSLv2 client hello
This commit is contained in:
Johanna Amann 2024-08-27 13:29:12 +01:00
commit d89c0d1ef7
8 changed files with 32 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

8
scripts/base/protocols/ssl/main.zeek
View file

@ -283,9 +283,11 @@ event ssl_client_hello(c: connection, version: count, record_version: count, pos
c$ssl$client_ticket_empty_session_seen = F;
}
# add manually for SSLv2, since the handshake_message event is not raised, as there is no handshake protocol.
# We don't really have a direction in that case
if ( version == 2 )
# add manually for SSLv2 client hello, since the handshake_message event is not raised, as there is no handshake protocol.
# We don't really have a direction in that case.
# SSLv2 client hello is signified by a record_layer version of 0, as the client-hello itself can indicate
# a higher supported maximum version
if ( record_version == 0 )
add_to_history(c, T, "c");
}