26 #ifndef SURICATA_APP_LAYER_SSL_H
27 #define SURICATA_APP_LAYER_SSL_H
/*
 * SSL_AL_FLAG_* — bits of one 32-bit parser-state flag word (BIT_U32(n)).
 * Each bit records something the SSL/TLS parser has already observed on a
 * flow, so later records are interpreted against the right handshake state.
 * Bit 19 is not assigned in this listing (18 is followed by 20); keep the
 * remaining bits (27..31) in mind before adding flags — the word is 32 bits
 * wide, so growth past 31 means widening the type, not just adding a macro.
 */
/* ChangeCipherSpec seen: one bit per direction, plus a direction-agnostic one. */
85 #define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC BIT_U32(0)
87 #define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC BIT_U32(1)
88 #define SSL_AL_FLAG_CHANGE_CIPHER_SPEC BIT_U32(2)
/* SSLv2-style handshake tracking (by name): hello seen per side, the CLIENT-MASTER-KEY
 * message, per-direction "session is now encrypted", and a hello with no session id. */
91 #define SSL_AL_FLAG_SSL_CLIENT_HS BIT_U32(3)
92 #define SSL_AL_FLAG_SSL_SERVER_HS BIT_U32(4)
93 #define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY BIT_U32(5)
94 #define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED BIT_U32(6)
95 #define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED BIT_U32(7)
96 #define SSL_AL_FLAG_SSL_NO_SESSION_ID BIT_U32(8)
/* Handshake progress for SSLv3/TLS: which hello / key-exchange messages have been
 * seen; STATE_UNKNOWN marks a handshake the parser could not classify. */
99 #define SSL_AL_FLAG_STATE_CLIENT_HELLO BIT_U32(9)
100 #define SSL_AL_FLAG_STATE_SERVER_HELLO BIT_U32(10)
101 #define SSL_AL_FLAG_STATE_CLIENT_KEYX BIT_U32(11)
102 #define SSL_AL_FLAG_STATE_SERVER_KEYX BIT_U32(12)
103 #define SSL_AL_FLAG_STATE_UNKNOWN BIT_U32(13)
106 #define SSL_AL_FLAG_STATE_FINISHED BIT_U32(14)
/* Heartbeat extension tracking: a request is in flight and which side sent it.
 * This is the state behind the heartbeat decoder events (HEARTBEAT, INVALID_HEARTBEAT,
 * OVERFLOW_HEARTBEAT, DATALEAK_HEARTBEAT_MISMATCH) — i.e. the checks that catch a
 * response larger than the request, the Heartbleed-class length mismatch. */
109 #define SSL_AL_FLAG_HB_INFLIGHT BIT_U32(15)
110 #define SSL_AL_FLAG_HB_CLIENT_INIT BIT_U32(16)
111 #define SSL_AL_FLAG_HB_SERVER_INIT BIT_U32(17)
/* Handshake completed; from here on records are expected to be application data. */
114 #define SSL_AL_FLAG_HANDSHAKE_DONE BIT_U32(18)
/* Session was resumed (no full handshake, so no certificate will be seen). */
117 #define SSL_AL_FLAG_SESSION_RESUMED BIT_U32(20)
/* ClientHello carried a supported_versions extension (see SSL_EXTENSION_SUPPORTED_VERSIONS). */
120 #define SSL_AL_FLAG_CH_VERSION_EXTENSION BIT_U32(21)
/* Allow the transaction to be logged even though no certificate was captured. */
124 #define SSL_AL_FLAG_LOG_WITHOUT_CERT BIT_U32(22)
/* TLS 1.3 early data (0-RTT) announced — pairs with SSL_EXTENSION_EARLY_DATA below. */
128 #define SSL_AL_FLAG_EARLY_DATA BIT_U32(23)
/* The to-server (client) and to-client (server) random values have been captured
 * into the TLS_RANDOM_LEN-byte buffers of the per-direction state. */
131 #define TLS_TS_RANDOM_SET BIT_U32(24)
134 #define TLS_TC_RANDOM_SET BIT_U32(25)
/* Server requested a client certificate; presumably the parser then expects one
 * in the client's flight — confirm against the parser. */
136 #define SSL_AL_FLAG_NEED_CLIENT_CERT BIT_U32(26)
/* Logging option bits. NOTE: this is a separate flag space from SSL_AL_FLAG_*
 * (plain 1 << n, not BIT_U32 in the state word); do not OR the two together. */
139 #define SSL_TLS_LOG_PEM (1 << 0)
/* TLS ExtensionType code points as they appear on the wire (16-bit, network order). */
142 #define SSL_EXTENSION_SNI 0x0000
143 #define SSL_EXTENSION_ELLIPTIC_CURVES 0x000a
144 #define SSL_EXTENSION_EC_POINT_FORMATS 0x000b
145 #define SSL_EXTENSION_SIGNATURE_ALGORITHMS 0x000d
146 #define SSL_EXTENSION_ALPN 0x0010
147 #define SSL_EXTENSION_SESSION_TICKET 0x0023
148 #define SSL_EXTENSION_EARLY_DATA 0x002a
149 #define SSL_EXTENSION_SUPPORTED_VERSIONS 0x002b
/* server_name NameType for host_name; any other value is what the
 * TLS_DECODER_EVENT_INVALID_SNI_TYPE event reports. */
152 #define SSL_SNI_TYPE_HOST_NAME 0
/* Minimum size of the output buffer handed to SSLVersionToString(uint16_t, char *)
 * — presumably including the terminating NUL; callers must not pass anything smaller. */
155 #define SSL_VERSION_MAX_STRLEN 20
/* Byte length of the ClientHello/ServerHello random field (random[TLS_RANDOM_LEN]). */
158 #define TLS_RANDOM_LEN 32
191 static inline bool TLSVersionValid(
const uint16_t
version)
Parser state structure for SSLv2.0 and SSLv3.x record-layer versions (3.0 = SSLv3, 3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2).
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_ALERT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
SSLStateConnp client_connp
struct HtpBodyChunk_ * next
SSLStateConnp server_connp
uint16_t session_id_length
struct SSLAlpns_ SSLAlpns
SSLStateConnp * curr_connp
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_VERSION_13_DRAFT20_FB
AppLayerStateData state_data
void SSLVersionToString(uint16_t, char *)
uint8_t hs_buffer_message_type
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
uint32_t record_lengths_length
struct SSLStateConnp_ SSLStateConnp
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
void SSLEnableJA3(void)
If not explicitly disabled in the configuration, enable JA3 fingerprinting support.
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
uint32_t hs_buffer_offset
@ TLS_VERSION_13_DRAFT21_FB
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
TAILQ_HEAD(, SSLAlpns_) alpns
@ TLS_VERSION_13_DRAFT22_FB
void RegisterSSLParsers(void)
Registers the SSL/TLS application-layer protocol parser and its related functions.
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
uint32_t certs_buffer_size
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
struct AppLayerTxData AppLayerTxData
uint8_t random[TLS_RANDOM_LEN]
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
TAILQ_ENTRY(SSLAlpns_) next
@ TLS_VERSION_13_DRAFT26_FB
uint32_t hs_buffer_message_size
void SSLEnableJA4(void)
If not explicitly disabled in the configuration, enable JA4 fingerprinting support.
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
bool SSLJA3IsEnabled(void)
Returns whether JA3 support is effectively enabled.
@ TLS_VERSION_13_PRE_DRAFT16
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
TAILQ_HEAD(, SSLCertsChain_) certs
@ TLS_VERSION_13_DRAFT23_FB
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
TAILQ_ENTRY(SSLCertsChain_) next
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
struct SSLState_ SSLState
Parser state structure for SSLv2.0 and SSLv3.x record-layer versions (3.0 = SSLv3, 3.1 = TLS 1.0, 3.2 = TLS 1.1, 3.3 = TLS 1.2).
struct SSLCertsChain_ SSLCertsChain
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
bool SSLJA4IsEnabled(void)
Returns whether JA4 support is effectively enabled.
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT