Bug #7274
open
ssl_state:unknown not implemented
Added by Victor Julien about 2 months ago.
Updated 18 days ago.
Description
The keyword supports the "unknown" option, but it is not implemented. The keyword checks a flag in the state "SSL_AL_FLAG_STATE_UNKNOWN", but this flag is never set.
Related issues
1 (1 open — 0 closed)
- Related to Bug #3218: ssl_state does the wrong thing added
In src/detect-ssl-state.c, the bit DETECT_SSL_STATE_UNKNOWN is set when the unknown keyword is used.
That flag is defined here:
src/detect-ssl-state.h:32:#define DETECT_SSL_STATE_UNKNOWN SSL_AL_FLAG_STATE_UNKNOWN
Yes, but SSL_AL_FLAG_STATE_UNKNOWN isn't, so it can't ever match.
I've found that the unknown state occurs following a handshake failure; are there other conditions leaving the state unknown?
Where is the flag set? I don't see it.