26 #ifndef SURICATA_APP_LAYER_SSL_H
27 #define SURICATA_APP_LAYER_SSL_H
/* Per-session flag bits. Each value is a single bit built with BIT_U32(n).
 * Bits 14, 18 and 19 have no definition in this listing; do not reuse them
 * without checking the parser for a removed or reserved meaning. */
/* A ChangeCipherSpec record was seen from the server, from the client, or
 * from either side. */
95 #define SSL_AL_FLAG_SERVER_CHANGE_CIPHER_SPEC BIT_U32(0)
97 #define SSL_AL_FLAG_CLIENT_CHANGE_CIPHER_SPEC BIT_U32(1)
98 #define SSL_AL_FLAG_CHANGE_CIPHER_SPEC BIT_U32(2)
/* SSL_AL_FLAG_SSL_*: handshake tracking for the pre-TLS protocol (the
 * CLIENT_MASTER_KEY name suggests SSLv2 — confirm against the parser). */
101 #define SSL_AL_FLAG_SSL_CLIENT_HS BIT_U32(3)
102 #define SSL_AL_FLAG_SSL_SERVER_HS BIT_U32(4)
103 #define SSL_AL_FLAG_SSL_CLIENT_MASTER_KEY BIT_U32(5)
104 #define SSL_AL_FLAG_SSL_CLIENT_SSN_ENCRYPTED BIT_U32(6)
105 #define SSL_AL_FLAG_SSL_SERVER_SSN_ENCRYPTED BIT_U32(7)
106 #define SSL_AL_FLAG_SSL_NO_SESSION_ID BIT_U32(8)
/* SSL_AL_FLAG_STATE_*: which handshake message the parser is currently in
 * (UNKNOWN when the message type could not be classified). */
109 #define SSL_AL_FLAG_STATE_CLIENT_HELLO BIT_U32(9)
110 #define SSL_AL_FLAG_STATE_SERVER_HELLO BIT_U32(10)
111 #define SSL_AL_FLAG_STATE_CLIENT_KEYX BIT_U32(11)
112 #define SSL_AL_FLAG_STATE_SERVER_KEYX BIT_U32(12)
113 #define SSL_AL_FLAG_STATE_UNKNOWN BIT_U32(13)
/* SSL_AL_FLAG_HB_*: heartbeat request/response tracking; INFLIGHT marks an
 * unanswered request, the *_INIT bits record which side sent it. Compare
 * with the TLS_DECODER_EVENT_*HEARTBEAT* events raised by the decoder. */
116 #define SSL_AL_FLAG_HB_INFLIGHT BIT_U32(15)
117 #define SSL_AL_FLAG_HB_CLIENT_INIT BIT_U32(16)
118 #define SSL_AL_FLAG_HB_SERVER_INIT BIT_U32(17)
/* The session was resumed rather than fully negotiated. */
121 #define SSL_AL_FLAG_SESSION_RESUMED BIT_U32(20)
/* "CH" presumably ClientHello: it carried a version extension
 * (cf. SSL_EXTENSION_SUPPORTED_VERSIONS below) — confirm against the parser. */
124 #define SSL_AL_FLAG_CH_VERSION_EXTENSION BIT_U32(21)
/* Likely: write the TLS log record even when no certificate was seen. */
128 #define SSL_AL_FLAG_LOG_WITHOUT_CERT BIT_U32(22)
/* An early_data extension was seen (SSL_EXTENSION_EARLY_DATA below). */
132 #define SSL_AL_FLAG_EARLY_DATA BIT_U32(23)
/* The handshake random (TLS_RANDOM_LEN bytes) has presumably been captured
 * for the to-server (TS) and to-client (TC) direction respectively. These
 * lack the SSL_AL_FLAG_ prefix but occupy the same bit space. */
135 #define TLS_TS_RANDOM_SET BIT_U32(24)
138 #define TLS_TC_RANDOM_SET BIT_U32(25)
/* The server requested a client certificate. */
140 #define SSL_AL_FLAG_NEED_CLIENT_CERT BIT_U32(26)
/* Separate flag set for TLS logging options: a plain shift, not BIT_U32,
 * and not to be mixed with the SSL_AL_FLAG_* bits above. */
143 #define SSL_TLS_LOG_PEM (1 << 0)
/* TLS ExtensionType codes as carried on the wire (IANA registry values);
 * used to match extension headers in ClientHello/ServerHello. */
146 #define SSL_EXTENSION_SNI 0x0000
147 #define SSL_EXTENSION_ELLIPTIC_CURVES 0x000a
148 #define SSL_EXTENSION_EC_POINT_FORMATS 0x000b
149 #define SSL_EXTENSION_SIGNATURE_ALGORITHMS 0x000d
150 #define SSL_EXTENSION_ALPN 0x0010
151 #define SSL_EXTENSION_SESSION_TICKET 0x0023
152 #define SSL_EXTENSION_EARLY_DATA 0x002a
153 #define SSL_EXTENSION_SUPPORTED_VERSIONS 0x002b
/* NameType value of a host_name entry inside the SNI extension. */
156 #define SSL_SNI_TYPE_HOST_NAME 0
/* Size of the buffer for a rendered version string. SSLVersionToString()
 * takes a char * with no length argument, so callers must pass a buffer of
 * at least this many bytes — presumably this constant; confirm. */
159 #define SSL_VERSION_MAX_STRLEN 20
/* Length in bytes of the ClientHello/ServerHello random field. */
162 #define TLS_RANDOM_LEN 32
195 static inline bool TLSVersionValid(
const uint16_t
version)
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ISSUER
SSLv[2.0|3.[0|1|2|3]] state structure.
@ TLS_DECODER_EVENT_DATALEAK_HEARTBEAT_MISMATCH
@ TLS_DECODER_EVENT_HEARTBEAT
@ TLS_DECODER_EVENT_OVERFLOW_HEARTBEAT
@ TLS_DECODER_EVENT_ERROR_MSG_ENCOUNTERED
SSLStateConnp client_connp
@ TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE
struct HtpBodyChunk_ * next
SSLStateConnp server_connp
uint16_t session_id_length
struct SSLAlpns_ SSLAlpns
SSLStateConnp * curr_connp
@ TLS_STATE_SERVER_HELLO_DONE
AppLayerStateData state_data
@ TLS_DECODER_EVENT_INVALID_TLS_HEADER
void SSLVersionToString(uint16_t, char *)
@ TLS_VERSION_13_DRAFT26_FB
uint8_t hs_buffer_message_type
@ TLS_DECODER_EVENT_INVALID_SSL_RECORD
@ TLS_DECODER_EVENT_TOO_MANY_RECORDS_IN_PACKET
@ TLS_DECODER_EVENT_MULTIPLE_SNI_EXTENSIONS
uint32_t record_lengths_length
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DER
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_LENGTH
struct SSLStateConnp_ SSLStateConnp
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VALIDITY
@ TLS_STATE_CLIENT_HANDSHAKE_DONE
@ TLS_DECODER_EVENT_INVALID_RECORD_TYPE
enum TlsStateClient client_state
void SSLEnableJA3(void)
If not explicitly disabled in the config, enable JA3 support.
uint32_t hs_buffer_offset
@ TLS_STATE_CLIENT_HELLO_DONE
@ TLS_DECODER_EVENT_INVALID_RECORD_VERSION
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_DATE
@ TLS_VERSION_13_DRAFT21_FB
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SERIAL
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_SUBJECT
@ TLS_STATE_SERVER_FINISHED
@ TLS_STATE_CLIENT_IN_PROGRESS
TAILQ_HEAD(, SSLAlpns_) alpns
void RegisterSSLParsers(void)
Registers the SSL protocol parser and its associated functions.
@ TLS_DECODER_EVENT_INVALID_SSLV2_HEADER
@ TLS_DECODER_EVENT_INVALID_RECORD_LENGTH
enum TlsStateServer server_state
@ TLS_VERSION_13_DRAFT20_FB
@ TLS_STATE_SERVER_CERT_DONE
uint32_t certs_buffer_size
@ TLS_DECODER_EVENT_INVALID_HEARTBEAT
@ TLS_VERSION_13_DRAFT23_FB
@ TLS_DECODER_EVENT_HANDSHAKE_INVALID_LENGTH
struct AppLayerTxData AppLayerTxData
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_VERSION
uint8_t random[TLS_RANDOM_LEN]
@ TLS_DECODER_EVENT_INVALID_CERTIFICATE
TAILQ_ENTRY(SSLAlpns_) next
uint32_t hs_buffer_message_size
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_ALGORITHMIDENTIFIER
void SSLEnableJA4(void)
If not explicitly disabled in the config, enable JA4 support.
@ TLS_DECODER_EVENT_INVALID_SNI_TYPE
@ TLS_STATE_CLIENT_CERT_DONE
@ TLS_VERSION_13_PRE_DRAFT16
@ TLS_STATE_SERVER_IN_PROGRESS
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_X509NAME
bool SSLJA3IsEnabled(void)
Return whether JA3 is effectively enabled.
@ TLS_VERSION_13_DRAFT22_FB
TAILQ_HEAD(, SSLCertsChain_) certs
@ TLS_DECODER_EVENT_CERTIFICATE_INVALID_EXTENSIONS
@ TLS_DECODER_EVENT_INVALID_SNI_LENGTH
TAILQ_ENTRY(SSLCertsChain_) next
@ TLS_DECODER_EVENT_INVALID_ALERT
@ TLS_STATE_SERVER_HANDSHAKE_DONE
struct SSLState_ SSLState
SSLv[2.0|3.[0|1|2|3]] state structure.
struct SSLCertsChain_ SSLCertsChain
@ TLS_STATE_CLIENT_FINISHED
bool SSLJA4IsEnabled(void)
Return whether JA4 is effectively enabled.