From 8fc1e5c9a3ff1809301e9548026cb79a763f4752 Mon Sep 17 00:00:00 2001
From: Ozzyboshi
Date: Thu, 17 Mar 2022 12:26:36 +0100
Subject: [PATCH] Check tls handshake and LS 1.0, 1.1 or 1.2 connections
---
 src/capture_gnutls.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/src/capture_gnutls.c b/src/capture_gnutls.c
index b57c93e..b4d0375 100644
--- a/src/capture_gnutls.c
+++ b/src/capture_gnutls.c
@@ -477,6 +477,20 @@ tls_process_record_ssl2(struct SSLConnection *conn, const uint8_t *payload,
 // Client Hello SSLv2
 struct ClientHelloSSLv2 *clienthello = (struct ClientHelloSSLv2 *) fragment;
+ // Check we have a TLS handshake
+ if (clienthello->client_version.major != 0x03) {
+ tls_connection_destroy(conn);
+ return 1;
+ }
+
+ // Only TLS 1.0, 1.1 or 1.2 connections
+ if (clienthello->client_version.minor != 0x01
+ && clienthello->client_version.minor != 0x02
+ && clienthello->client_version.minor != 0x03) {
+ tls_connection_destroy(conn);
+ return 1;
+ }
+
 // Store TLS version
 conn->version = clienthello->client_version.minor;
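Review bot: Both new rejection paths call `tls_connection_destroy(conn)` and then `return 1`, so if destroy releases the connection as its name suggests, the caller is left holding a stale `conn` pointer; the caller is outside this hunk, so it should be confirmed that nothing dereferences `conn` after a non-zero return from tls_process_record_ssl2. A contract comment at the function, such as `// Returns 1 after destroying conn: callers must not use conn again`, would make that lifetime explicit. The version fields are read through a cast of `fragment`, so these checks rely on a length check against `sizeof(struct ClientHelloSSLv2)` that would have to sit above the hunk and is not visible here. As a smaller style point, the three `!=` comparisons read more clearly as one range test, `if (clienthello->client_version.minor < 0x01 || clienthello->client_version.minor > 0x03) {`. The function body starts and ends outside the hunk.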