Bug #7274
openssl_state:unknown not implemented
Description
The keyword supports the "unknown" option, but it is not implemented. The keyword checks a flag in the state "SSL_AL_FLAG_STATE_UNKNOWN", but this flag is never set.
Updated by Victor Julien 3 months ago
- Related to Bug #3218: ssl_state does the wrong thing added
Updated by Jeff Lucovsky about 2 months ago
In src/detect-ssl-state.c, the bit DETECT_SSL_STATE_UNKNOWN is set when the unknown keyword is used.
That flag is defined here:
src/detect-ssl-state.h:32:#define DETECT_SSL_STATE_UNKNOWN SSL_AL_FLAG_STATE_UNKNOWN
Updated by Victor Julien about 2 months ago
Yes, but SSL_AL_FLAG_STATE_UNKNOWN isn't, so it can't ever match.
Updated by Jeff Lucovsky about 2 months ago
I've found that the unknown state occurs following a handshake failure; are there other conditions leaving the state unknown?
Updated by Victor Julien about 2 months ago
Where is the flag set? I don't see it.