Project

General

Profile

Actions

Bug #4657

open

SSLv2 app-layer detection patterns incorrectly registered

Added by Gianni Tedesco over 3 years ago. Updated 6 months ago.

Status:
New
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
C

Description

The SSLv2 record format starts with 2 byte length, then it has a 1 byte
message-type field set to |01| for the client handshake, then a 2 byte
protocol version.

The SSLv3 record format (in use with modern TLS) starts with the
message-type of |16| and then the protocol, followed by the length.

This means that several of the patterns in the SSL app-layer detection
code are incorrect because they're looking in the wrong place in the
packet.

They should be looking at offset 2, depth 5. Not offset 0, depth 3.

Actions #1

Updated by Philippe Antoine 6 months ago

  • Target version set to TBD
Actions

Also available in: Atom PDF