From cf4c201acbf6e9558e450a8dc76d12b48bf49b8d Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 22 Aug 2022 10:49:34 +0200
Subject: [PATCH] tls: avoid tls.invalid_handshake_message FP

Don't set TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE event on encrypted handshake messages.
---
 src/app-layer-ssl.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index 31ff59fc20..b5b113c202 100644
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -1635,7 +1635,13 @@ static int SSLv3ParseHandshakeProtocol(SSLState *ssl_state, const uint8_t *input
 input_len -= avail_record_len;
 SSLParserHSReset(ssl_state->curr_connp);
- SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
+
+ if ((direction && (ssl_state->flags & SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC)) ||
+ (!direction && (ssl_state->flags & SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC))) {
+ // after Change Cipher Spec we get Encrypted Handshake Messages
+ } else {
+ SSLSetEvent(ssl_state, TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE);
+ }
 continue;
 }
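Review bot: The new `if` in SSLv3ParseHandshakeProtocol has an empty body that exists only to hold a comment, with the actual work in the `else`; inverting the condition (`if (!(direction && ...) && !(!direction && ...))`, or a named local such as `encrypted_hs` computed from the two flag tests and then `if (!encrypted_hs) { SSLSetEvent(...); }`) removes the empty branch and reads as the intent. The comment should move above the `if` and say why the event is deliberately withheld: once the peer's Change Cipher Spec has been seen in this direction the handshake bytes are ciphertext the parser cannot inspect, so an unparseable message there is expected rather than malformed, while the event still fires for anything before CCS. The pairing of `direction` with the SERVER vs CLIENT flag is not visible in the hunk, so the assumption that `direction` non-zero means the server-to-client side should be confirmed against the flag definitions. The enclosing function begins and ends outside the hunk.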