From 2b6ca86f72a61a41067d3f1ad4e2a31aa1bf23c7 Mon Sep 17 00:00:00 2001 From: Kaian Date: Wed, 4 May 2016 20:40:26 +0200 Subject: [PATCH] tls: fix connection encrypted flags #117 From now on connection is considered encrypted only when sngrep captures change_cipher_spec message and has both client and server cipher contexts. Before gathering all that information, all application_data messages will be ignored. --- src/capture_gnutls.c | 3 ++- src/capture_openssl.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/capture_gnutls.c b/src/capture_gnutls.c index 03606b6..21264fd 100644 --- a/src/capture_gnutls.c +++ b/src/capture_gnutls.c @@ -393,7 +393,8 @@ tls_process_record(struct SSLConnection *conn, const uint8_t *payload, break; case change_cipher_spec: // From now on, this connection will be encrypted using MasterSecret - conn->encrypted = 1; + if (conn->client_cipher_ctx.cipher && conn->server_cipher_ctx.cipher) + conn->encrypted = 1; break; case application_data: if (conn->encrypted) { diff --git a/src/capture_openssl.c b/src/capture_openssl.c index 620880c..9ab3114 100644 --- a/src/capture_openssl.c +++ b/src/capture_openssl.c @@ -366,7 +366,8 @@ tls_process_record(struct SSLConnection *conn, const uint8_t *payload, break; case change_cipher_spec: // From now on, this connection will be encrypted using MasterSecret - conn->encrypted = 1; + if (conn->client_cipher_ctx.cipher && conn->server_cipher_ctx.cipher) + conn->encrypted = 1; break; case application_data: if (conn->encrypted) {