Bug #3220: ssl_version keyword negation (!) not working - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #3220

open

ssl_version keyword negation (!) not working

Added by Min-Gyu Jeon about 5 years ago. Updated about 5 years ago.

Status:

New

Priority:

Normal

Assignee:

Min-Gyu Jeon

Target version:

TBD

Affected Versions:

Effort:

Difficulty:

low

Label:

Description

issue¶

*ssl_version keyword being not detected when using negation (!)

alert tcp any any -> any any (ssl_version:!sslv3)

cause¶

in DetectSslVersionParse() function, the negation info is not used properly.

how to fix¶

use the negation info properly
- check if other version have negations

Files

ssl-v2.pcap (40.4 KB) ssl-v2.pcap

pcap from https://wiki.wireshark.org/SampleCaptures

Min-Gyu Jeon, 10/13/2019 11:16 AM

Related issues 1 (1 open — 0 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #3220

ssl_version keyword negation (!) not working

issue¶

cause¶

how to fix¶

Updated by Andreas Herz about 5 years ago

Updated by Min-Gyu Jeon about 5 years ago

Updated by Min-Gyu Jeon about 5 years ago

Updated by Min-Gyu Jeon about 5 years ago

Updated by Philippe Antoine 12 months ago