suricata

Commit Graph

Author	SHA1	Message	Date
Mats Klepsland	10c93221fa	tls: increase max number of tls records per packet Tls packets may contain several records. This increase the number of allowed records per packet from 30 to 255, and adds a new and more informative decoder event when this limit is reached.	8 years ago
Mats Klepsland	7c36b11a84	rules: add rule for HANDSHAKE_INVALID_LENGTH event	8 years ago
Mats Klepsland	33fd710367	rules: add rules for TLS SNI app layer events	9 years ago
Victor Julien	db563ed4b0	tls: check SSL3/TLS version per record Set event if SSL3/TLS record isn't within the acceptable range.	11 years ago
Victor Julien	c5f43785f1	tls/heartbleed: add rule for invalid encrypted hb Add rule to tls-events.rules to match on the invalid encrypted heartbeat.	11 years ago
Pierre Chifflier	d476c654ee	TLS: add detection for malicious heartbeats (AKA heartbleed) The OpenSSL implementation of RFC 6520 (Heartbeat extension) does not check the payload length correctly, resulting in a copy of at most 64k of memory from the server (ref: CVE-2014-0160). This patch adds support for decoding heartbeat messages (if not encrypted), and checking several parts (type, length and padding). When an anomaly is detected, a TLS event is raised.	11 years ago
Anoop Saldanha	cd7f0273a2	Add decoder event rule for tls event "invalid_ssl_record", which will now be available "app-layer-event:tls.invalid_ssl_record".	11 years ago
Victor Julien	e3764b90c3	tls: debug compilation fixes, new tls decoder rule for tls.error_message_encountered event.	13 years ago
Victor Julien	e624c56c83	Add TLS decoder event rule file.	13 years ago

9 Commits (1d9f37a60e7fde720768f41e5680ee2e02b78ffc)