suricata
app-layer-ssl.h
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  * \author Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
23  *
24  */
25 
26 #ifndef SURICATA_APP_LAYER_SSL_H
27 #define SURICATA_APP_LAYER_SSL_H
28 
29 #include "util-ja3.h"
30 #include "rust.h"
31 
33  TLS_FRAME_PDU = 0, /**< whole PDU, so header + data */
34  TLS_FRAME_HDR, /**< only header portion */
35  TLS_FRAME_DATA, /**< only data portion */
40 };
41 
42 enum {
43  /* TLS protocol messages */
60  /* Certificates decoding messages */
75 };
76 
83 };
84 
92 };
93 
94 /* Flag to indicate that server will now on send encrypted msgs */
95 #define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC BIT_U32(0)
96 /* Flag to indicate that client will now on send encrypted msgs */
97 #define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC BIT_U32(1)
98 #define SSL_AL_FLAG_CHANGE_CIPHER_SPEC BIT_U32(2)
99 
100 /* SSL related flags */
101 #define SSL_AL_FLAG_SSL_CLIENT_HS BIT_U32(3)
102 #define SSL_AL_FLAG_SSL_SERVER_HS BIT_U32(4)
103 #define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY BIT_U32(5)
104 #define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED BIT_U32(6)
105 #define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED BIT_U32(7)
106 #define SSL_AL_FLAG_SSL_NO_SESSION_ID BIT_U32(8)
107 
108 /* flags specific to detect-ssl-state keyword */
109 #define SSL_AL_FLAG_STATE_CLIENT_HELLO BIT_U32(9)
110 #define SSL_AL_FLAG_STATE_SERVER_HELLO BIT_U32(10)
111 #define SSL_AL_FLAG_STATE_CLIENT_KEYX BIT_U32(11)
112 #define SSL_AL_FLAG_STATE_SERVER_KEYX BIT_U32(12)
113 #define SSL_AL_FLAG_STATE_UNKNOWN BIT_U32(13)
114 
115 /* flags specific to HeartBeat state */
116 #define SSL_AL_FLAG_HB_INFLIGHT BIT_U32(15)
117 #define SSL_AL_FLAG_HB_CLIENT_INIT BIT_U32(16)
118 #define SSL_AL_FLAG_HB_SERVER_INIT BIT_U32(17)
119 
120 /* Session resumed without a full handshake */
121 #define SSL_AL_FLAG_SESSION_RESUMED BIT_U32(20)
122 
123 /* Encountered a supported_versions extension in client hello */
124 #define SSL_AL_FLAG_CH_VERSION_EXTENSION BIT_U32(21)
125 
126 /* Log the session even without ever seeing a certificate. This is used
127  to log TLSv1.3 sessions. */
128 #define SSL_AL_FLAG_LOG_WITHOUT_CERT BIT_U32(22)
129 
130 /* Encountered a early data extension in client hello. This extension is
131  used by 0-RTT. */
132 #define SSL_AL_FLAG_EARLY_DATA BIT_U32(23)
133 
134 /* flag to indicate that server random was filled */
135 #define TLS_TS_RANDOM_SET BIT_U32(24)
136 
137 /* flag to indicate that client random was filled */
138 #define TLS_TC_RANDOM_SET BIT_U32(25)
139 
140 #define SSL_AL_FLAG_NEED_CLIENT_CERT BIT_U32(26)
141 
142 /* config flags */
143 #define SSL_TLS_LOG_PEM (1 << 0)
144 
145 /* extensions */
146 #define SSL_EXTENSION_SNI 0x0000
147 #define SSL_EXTENSION_ELLIPTIC_CURVES 0x000a
148 #define SSL_EXTENSION_EC_POINT_FORMATS 0x000b
149 #define SSL_EXTENSION_SIGNATURE_ALGORITHMS 0x000d
150 #define SSL_EXTENSION_ALPN 0x0010
151 #define SSL_EXTENSION_SESSION_TICKET 0x0023
152 #define SSL_EXTENSION_EARLY_DATA 0x002a
153 #define SSL_EXTENSION_SUPPORTED_VERSIONS 0x002b
154 
155 /* SNI types */
156 #define SSL_SNI_TYPE_HOST_NAME 0
157 
158 /* Max string length of the TLS version string */
159 #define SSL_VERSION_MAX_STRLEN 20
160 
161 /* TLS random bytes for the sticky buffer */
162 #define TLS_RANDOM_LEN 32
163 
164 /* SSL versions. We'll use a unified format for all, with the top byte
165  * holding the major version and the lower byte the minor version */
166 enum {
168  SSL_VERSION_2 = 0x0200,
169  SSL_VERSION_3 = 0x0300,
170  TLS_VERSION_10 = 0x0301,
171  TLS_VERSION_11 = 0x0302,
172  TLS_VERSION_12 = 0x0303,
173  TLS_VERSION_13 = 0x0304,
193 };
194 
195 static inline bool TLSVersionValid(const uint16_t version)
196 {
197  switch (version) {
198  case TLS_VERSION_13:
199  case TLS_VERSION_12:
200  case TLS_VERSION_11:
201  case TLS_VERSION_10:
202  case SSL_VERSION_3:
203 
223  return true;
224  }
225  return false;
226 }
227 
228 typedef struct SSLCertsChain_ {
229  uint8_t *cert_data;
230  uint32_t cert_len;
233 
234 typedef struct SSLAlpns_ {
236  uint32_t size;
237  uint8_t alpn[];
239 
240 typedef struct SSLStateConnp_ {
241  /* record length */
242  uint32_t record_length;
243  /* record length's length for SSLv2 */
245 
246  /* offset of the beginning of the current message (including header) */
247  uint32_t message_length;
248 
249  uint16_t version;
250  uint8_t content_type;
251 
252  uint8_t handshake_type;
253 
254  /* the no of bytes processed in the currently parsed record */
255  uint32_t bytes_processed;
256 
258 
266 
267  char **cert0_sans;
268  uint16_t cert0_sans_len;
269  /* ssl server name indication extension */
270  char *sni;
271 
272  char *session_id;
273 
276 
277  uint8_t *certs_buffer;
279 
280  uint32_t cert_log_flag;
281 
283  char *ja3_hash;
284 
285  JA4 *ja4;
286 
287  /* handshake tls fragmentation buffer. Handshake messages can be fragmented over multiple
288  * TLS records. */
289  uint8_t *hs_buffer;
292  uint32_t hs_buffer_size; /**< allocation size */
293  uint32_t hs_buffer_offset; /**< write offset */
295 
296 /**
297  * \brief SSLv[2.0|3.[0|1|2|3]] state structure.
298  *
299  * Structure to store the SSL state values.
300  */
301 typedef struct SSLState_ {
302  Flow *f;
303 
304  AppLayerStateData state_data;
306 
307  /* holds some state flags we need */
308  uint32_t flags;
309 
310  /* there might be a better place to store this*/
311  uint32_t hb_record_len;
312 
313  uint16_t events;
314 
315  uint32_t current_flags;
316 
318 
321 
325 
326 void RegisterSSLParsers(void);
327 void SSLVersionToString(uint16_t, char *);
328 void SSLEnableJA3(void);
329 bool SSLJA3IsEnabled(void);
330 void SSLEnableJA4(void);
331 bool SSLJA4IsEnabled(void);
332 
333 #endif /* SURICATA_APP_LAYER_SSL_H */
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
Definition: app-layer-ssl.h:71
SSLStateConnp_::cert0_subject
char * cert0_subject
Definition: app-layer-ssl.h:260
SSLState_
SSLv[2.0|3.[0|1|2|3]] state structure.
Definition: app-layer-ssl.h:301
TLS_VERSION_12
@ TLS_VERSION_12
Definition: app-layer-ssl.h:172
JA3Buffer_
Definition: util-ja3.h:31
TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
Definition: app-layer-ssl.h:53
SSLCertsChain_::cert_len
uint32_t cert_len
Definition: app-layer-ssl.h:230
TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_HEARTBEAT
Definition: app-layer-ssl.h:50
TLS_VERSION_10
@ TLS_VERSION_10
Definition: app-layer-ssl.h:170
TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
Definition: app-layer-ssl.h:52
TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
Definition: app-layer-ssl.h:73
SSLState_::hb_record_len
uint32_t hb_record_len
Definition: app-layer-ssl.h:311
SSLStateConnp_::message_length
uint32_t message_length
Definition: app-layer-ssl.h:247
SSLState_::client_connp
SSLStateConnp client_connp
Definition: app-layer-ssl.h:322
TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
Definition: app-layer-ssl.h:49
TLS_FRAME_DATA
@ TLS_FRAME_DATA
Definition: app-layer-ssl.h:35
SSLStateConnp_::bytes_processed
uint32_t bytes_processed
Definition: app-layer-ssl.h:255
TLS_VERSION_13_DRAFT19
@ TLS_VERSION_13_DRAFT19
Definition: app-layer-ssl.h:183
next
struct HtpBodyChunk_ * next
Definition: app-layer-htp.h:0
SSLState_::server_connp
SSLStateConnp server_connp
Definition: app-layer-ssl.h:323
SSLStateConnp_::cert0_not_before
int64_t cert0_not_before
Definition: app-layer-ssl.h:263
SSLStateConnp_
Definition: app-layer-ssl.h:240
SSLStateConnp_::ja3_hash
char * ja3_hash
Definition: app-layer-ssl.h:283
SSLStateConnp_::session_id_length
uint16_t session_id_length
Definition: app-layer-ssl.h:257
Flow_
Flow data structure.
Definition: flow.h:356
SSLState_::f
Flow * f
Definition: app-layer-ssl.h:302
SSL_VERSION_2
@ SSL_VERSION_2
Definition: app-layer-ssl.h:168
SSLAlpns
struct SSLAlpns_ SSLAlpns
SSLState_::tx_data
AppLayerTxData tx_data
Definition: app-layer-ssl.h:305
SSLAlpns_::size
uint32_t size
Definition: app-layer-ssl.h:236
SSLState_::curr_connp
SSLStateConnp * curr_connp
Definition: app-layer-ssl.h:317
TLS_STATE_SERVER_HELLO_DONE
@ TLS_STATE_SERVER_HELLO_DONE
Definition: app-layer-ssl.h:89
rust.h
SSLAlpns_
Definition: app-layer-ssl.h:234
util-ja3.h
SSLState_::state_data
AppLayerStateData state_data
Definition: app-layer-ssl.h:304
SSLStateConnp_::sni
char * sni
Definition: app-layer-ssl.h:270
SSLStateConnp_::ja4
JA4 * ja4
Definition: app-layer-ssl.h:285
TLS_VERSION_11
@ TLS_VERSION_11
Definition: app-layer-ssl.h:171
TLS_DECODER_EVENT_INVALID_TLS_HEADER
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
Definition: app-layer-ssl.h:45
SSLVersionToString
void SSLVersionToString(uint16_t, char *)
Definition: app-layer-ssl.c:391
TLS_VERSION_13_DRAFT26_FB
@ TLS_VERSION_13_DRAFT26_FB
Definition: app-layer-ssl.h:192
SSLStateConnp_::hs_buffer_message_type
uint8_t hs_buffer_message_type
Definition: app-layer-ssl.h:290
TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
Definition: app-layer-ssl.h:74
TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
Definition: app-layer-ssl.h:58
TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
Definition: app-layer-ssl.h:55
TLS_VERSION_13_DRAFT25
@ TLS_VERSION_13_DRAFT25
Definition: app-layer-ssl.h:177
SSLStateConnp_::record_lengths_length
uint32_t record_lengths_length
Definition: app-layer-ssl.h:244
TLS_FRAME_SSLV2_HDR
@ TLS_FRAME_SSLV2_HDR
Definition: app-layer-ssl.h:38
SSLStateConnp_::cert0_issuerdn
char * cert0_issuerdn
Definition: app-layer-ssl.h:261
SSLStateConnp_::hs_buffer_size
uint32_t hs_buffer_size
Definition: app-layer-ssl.h:292
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
Definition: app-layer-ssl.h:69
TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
Definition: app-layer-ssl.h:62
TLS_FRAME_HB_DATA
@ TLS_FRAME_HB_DATA
Definition: app-layer-ssl.h:37
SSLStateConnp_::cert0_not_after
int64_t cert0_not_after
Definition: app-layer-ssl.h:264
SSLStateConnp
struct SSLStateConnp_ SSLStateConnp
SSLState_::current_flags
uint32_t current_flags
Definition: app-layer-ssl.h:315
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
Definition: app-layer-ssl.h:72
TLS_VERSION_13_DRAFT28
@ TLS_VERSION_13_DRAFT28
Definition: app-layer-ssl.h:174
TLS_STATE_CLIENT_HANDSHAKE_DONE
@ TLS_STATE_CLIENT_HANDSHAKE_DONE
Definition: app-layer-ssl.h:81
TLS_DECODER_EVENT_INVALID_RECORD_TYPE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
Definition: app-layer-ssl.h:47
SSLState_::client_state
enum TlsStateClient client_state
Definition: app-layer-ssl.h:319
SSLEnableJA3
void SSLEnableJA3(void)
if not explicitly disabled in config, enable ja3 support
Definition: app-layer-ssl.c:3489
SSLStateConnp_::handshake_type
uint8_t handshake_type
Definition: app-layer-ssl.h:252
SSLStateConnp_::hs_buffer_offset
uint32_t hs_buffer_offset
Definition: app-layer-ssl.h:293
SSLStateConnp_::certs_buffer
uint8_t * certs_buffer
Definition: app-layer-ssl.h:277
TLS_STATE_CLIENT_HELLO_DONE
@ TLS_STATE_CLIENT_HELLO_DONE
Definition: app-layer-ssl.h:79
TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
Definition: app-layer-ssl.h:46
TlsStateServer
TlsStateServer
Definition: app-layer-ssl.h:85
TLS_VERSION_13_DRAFT17
@ TLS_VERSION_13_DRAFT17
Definition: app-layer-ssl.h:185
TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
Definition: app-layer-ssl.h:67
SSLCertsChain_
Definition: app-layer-ssl.h:228
TlsFrameTypes
TlsFrameTypes
Definition: app-layer-ssl.h:32
TLS_VERSION_13_DRAFT21_FB
@ TLS_VERSION_13_DRAFT21_FB
Definition: app-layer-ssl.h:189
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
Definition: app-layer-ssl.h:64
TlsStateClient
TlsStateClient
Definition: app-layer-ssl.h:77
TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
Definition: app-layer-ssl.h:70
TLS_STATE_SERVER_FINISHED
@ TLS_STATE_SERVER_FINISHED
Definition: app-layer-ssl.h:91
TLS_RANDOM_LEN
#define TLS_RANDOM_LEN
Definition: app-layer-ssl.h:162
TLS_STATE_CLIENT_IN_PROGRESS
@ TLS_STATE_CLIENT_IN_PROGRESS
Definition: app-layer-ssl.h:78
TLS_VERSION_13_DRAFT24
@ TLS_VERSION_13_DRAFT24
Definition: app-layer-ssl.h:178
SSLState_::events
uint16_t events
Definition: app-layer-ssl.h:313
TLS_FRAME_SSLV2_PDU
@ TLS_FRAME_SSLV2_PDU
Definition: app-layer-ssl.h:39
TLS_VERSION_UNKNOWN
@ TLS_VERSION_UNKNOWN
Definition: app-layer-ssl.h:167
SSLStateConnp_::TAILQ_HEAD
TAILQ_HEAD(, SSLAlpns_) alpns
RegisterSSLParsers
void RegisterSSLParsers(void)
Function to register the SSL protocol parser and other functions.
Definition: app-layer-ssl.c:3349
TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
Definition: app-layer-ssl.h:44
TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
Definition: app-layer-ssl.h:48
SSLState_::server_state
enum TlsStateServer server_state
Definition: app-layer-ssl.h:320
TLS_VERSION_13_DRAFT20_FB
@ TLS_VERSION_13_DRAFT20_FB
Definition: app-layer-ssl.h:188
SSLStateConnp_::record_length
uint32_t record_length
Definition: app-layer-ssl.h:242
TLS_VERSION_13_DRAFT22
@ TLS_VERSION_13_DRAFT22
Definition: app-layer-ssl.h:180
TLS_STATE_SERVER_CERT_DONE
@ TLS_STATE_SERVER_CERT_DONE
Definition: app-layer-ssl.h:88
SSLCertsChain_::cert_data
uint8_t * cert_data
Definition: app-layer-ssl.h:229
SSLStateConnp_::certs_buffer_size
uint32_t certs_buffer_size
Definition: app-layer-ssl.h:278
TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
Definition: app-layer-ssl.h:51
TLS_VERSION_13_DRAFT23_FB
@ TLS_VERSION_13_DRAFT23_FB
Definition: app-layer-ssl.h:191
SSL_VERSION_3
@ SSL_VERSION_3
Definition: app-layer-ssl.h:169
TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
Definition: app-layer-ssl.h:54
AppLayerTxData
struct AppLayerTxData AppLayerTxData
Definition: detect.h:1466
TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
Definition: app-layer-ssl.h:63
SSLStateConnp_::random
uint8_t random[TLS_RANDOM_LEN]
Definition: app-layer-ssl.h:259
TLS_DECODER_EVENT_INVALID_CERTIFICATE
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
Definition: app-layer-ssl.h:61
SSLAlpns_::TAILQ_ENTRY
TAILQ_ENTRY(SSLAlpns_) next
TLS_FRAME_PDU
@ TLS_FRAME_PDU
Definition: app-layer-ssl.h:33
SSLAlpns_::alpn
uint8_t alpn[]
Definition: app-layer-ssl.h:237
TLS_VERSION_13_DRAFT27
@ TLS_VERSION_13_DRAFT27
Definition: app-layer-ssl.h:175
version
uint8_t version
Definition: decode-gre.h:1
SSLStateConnp_::content_type
uint8_t content_type
Definition: app-layer-ssl.h:250
SSLStateConnp_::hs_buffer_message_size
uint32_t hs_buffer_message_size
Definition: app-layer-ssl.h:291
TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
Definition: app-layer-ssl.h:65
SSLEnableJA4
void SSLEnableJA4(void)
if not explicitly disabled in config, enable ja4 support
Definition: app-layer-ssl.c:3506
TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
Definition: app-layer-ssl.h:56
TLS_STATE_CLIENT_CERT_DONE
@ TLS_STATE_CLIENT_CERT_DONE
Definition: app-layer-ssl.h:80
TLS_VERSION_13_PRE_DRAFT16
@ TLS_VERSION_13_PRE_DRAFT16
Definition: app-layer-ssl.h:187
TLS_STATE_SERVER_IN_PROGRESS
@ TLS_STATE_SERVER_IN_PROGRESS
Definition: app-layer-ssl.h:86
TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
Definition: app-layer-ssl.h:66
TLS_VERSION_13_DRAFT20
@ TLS_VERSION_13_DRAFT20
Definition: app-layer-ssl.h:182
SSLJA3IsEnabled
bool SSLJA3IsEnabled(void)
return whether ja3 is effectively enabled
Definition: app-layer-ssl.c:3525
TLS_VERSION_13_DRAFT22_FB
@ TLS_VERSION_13_DRAFT22_FB
Definition: app-layer-ssl.h:190
SSLStateConnp_::TAILQ_HEAD
TAILQ_HEAD(, SSLCertsChain_) certs
SSLStateConnp_::cert0_sans_len
uint16_t cert0_sans_len
Definition: app-layer-ssl.h:268
TLS_VERSION_13_DRAFT23
@ TLS_VERSION_13_DRAFT23
Definition: app-layer-ssl.h:179
TLS_VERSION_13
@ TLS_VERSION_13
Definition: app-layer-ssl.h:173
SSLStateConnp_::cert_log_flag
uint32_t cert_log_flag
Definition: app-layer-ssl.h:280
TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
Definition: app-layer-ssl.h:68
TLS_DECODER_EVENT_INVALID_SNI_LENGTH
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
Definition: app-layer-ssl.h:57
TLS_FRAME_ALERT_DATA
@ TLS_FRAME_ALERT_DATA
Definition: app-layer-ssl.h:36
TLS_STATE_SERVER_HELLO
@ TLS_STATE_SERVER_HELLO
Definition: app-layer-ssl.h:87
TLS_VERSION_13_DRAFT21
@ TLS_VERSION_13_DRAFT21
Definition: app-layer-ssl.h:181
SSLCertsChain_::TAILQ_ENTRY
TAILQ_ENTRY(SSLCertsChain_) next
SSLStateConnp_::session_id
char * session_id
Definition: app-layer-ssl.h:272
TLS_FRAME_HDR
@ TLS_FRAME_HDR
Definition: app-layer-ssl.h:34
TLS_DECODER_EVENT_INVALID_ALERT
@ TLS_DECODER_EVENT_INVALID_ALERT
Definition: app-layer-ssl.h:59
SSLStateConnp_::cert0_fingerprint
char * cert0_fingerprint
Definition: app-layer-ssl.h:265
TLS_VERSION_13_DRAFT16
@ TLS_VERSION_13_DRAFT16
Definition: app-layer-ssl.h:186
SSLStateConnp_::ja3_str
JA3Buffer * ja3_str
Definition: app-layer-ssl.h:282
TLS_STATE_SERVER_HANDSHAKE_DONE
@ TLS_STATE_SERVER_HANDSHAKE_DONE
Definition: app-layer-ssl.h:90
SSLState
struct SSLState_ SSLState
SSLv[2.0|3.[0|1|2|3]] state structure.
SSLCertsChain
struct SSLCertsChain_ SSLCertsChain
SSLStateConnp_::hs_buffer
uint8_t * hs_buffer
Definition: app-layer-ssl.h:289
SSLStateConnp_::cert0_serial
char * cert0_serial
Definition: app-layer-ssl.h:262
TLS_STATE_CLIENT_FINISHED
@ TLS_STATE_CLIENT_FINISHED
Definition: app-layer-ssl.h:82
SSLJA4IsEnabled
bool SSLJA4IsEnabled(void)
return whether ja4 is effectively enabled
Definition: app-layer-ssl.c:3538
TLS_VERSION_13_DRAFT18
@ TLS_VERSION_13_DRAFT18
Definition: app-layer-ssl.h:184
TLS_VERSION_13_DRAFT26
@ TLS_VERSION_13_DRAFT26
Definition: app-layer-ssl.h:176
SSLStateConnp_::cert0_sans
char ** cert0_sans
Definition: app-layer-ssl.h:267
SSLState_::flags
uint32_t flags
Definition: app-layer-ssl.h:308
SSLStateConnp_::version
uint16_t version
Definition: app-layer-ssl.h:249