This isn't a feature request or a discussion topic
Bug description
Signal's live servers utilise a certificate which is blocked by Suricata rule (this did not occur in the past using the same setup):
GID:SID 1:2230027
alert tls any any -> any any (msg:"SURICATA TLS certificate invalid der"; flow:established; app-layer-event:tls.certificate_invalid_der; flowint:tls.anomaly.count,+,1; classtype:protocol-command-decode; sid:2230027; rev:1;)
This is related to rules in https://github.com/OISF/suricata/blob/master/rules/tls-events.rules
Steps to reproduce
Send message on Signal on Android
Observe Suricata IDS rules start blocking multiple IP addresses on *.awsglobalaccelerator.com associated with Signal client-server network flows (eg. ac88393aca5853df7.awsglobalaccelerator.com)
Disabling the rule fixes the issue immediately
Actual result: Messages are not sent/received
Expected result: Messages should be sent/received successfully
Screenshots
N/A
Device info
Android version: 10
Signal version: 6.0.6
Link to debug log
$ openssl s_client -connect ac88393aca5853df7.awsglobalaccelerator.com:443
CONNECTED(00000003)
depth=1 C = US, ST = California, L = Mountain View, O = "Signal Messenger, LLC", CN = Signal Messenger
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=1 C = US, ST = California, L = Mountain View, O = "Signal Messenger, LLC", CN = Signal Messenger
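The rule above fires on the `tls.certificate_invalid_der` event, i.e. on the DER encoding of a certificate failing to decode, which is a different check from the "self signed certificate in certificate chain" verdict openssl prints. As an added illustration (not code from the issue, from Signal or from Suricata), the following minimal DER walker applies the structural rules a DER decoder enforces (definite, minimally encoded lengths; nested elements exactly filling their container) to constructed, toy-sized certificate-shaped byte strings, which are stand-ins and not Signal's real certificate; a self-signed chain passes this check unchanged.

```python
SUBJECT = b"Signal Messenger"  # constructed toy data, not the real certificate
TBS = b"\x02\x01\x02" + b"\x0c" + bytes([len(SUBJECT)]) + SUBJECT  # INTEGER 2, UTF8String
TBS_SEQ = b"\x30" + bytes([len(TBS)]) + TBS                        # SEQUENCE { ... }
GOOD_CERT = b"\x30" + bytes([len(TBS_SEQ)]) + TBS_SEQ              # outer SEQUENCE
TRUNCATED = GOOD_CERT[:-3]                    # outer length claims bytes that are missing
BAD_LENGTH = b"\x30\x81\x03\x02\x01\x02"      # length 3 in long form: BER-legal, not DER
INDEFINITE = b"\x30\x80\x02\x01\x02\x00\x00"  # indefinite length: never valid DER

def _read_length(buf: bytes, pos: int) -> tuple:
    """Decode the DER length at buf[pos]; return (length, position after it)."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first, pos = buf[pos], pos + 1
    if first < 0x80:                       # short form: one byte, 0..127
        return first, pos
    if first == 0x80:
        raise ValueError("indefinite length is not allowed in DER")
    n = first & 0x7F                       # long form: n following length bytes
    if pos + n > len(buf):
        raise ValueError("truncated long-form length")
    length = int.from_bytes(buf[pos:pos + n], "big")
    if (n == 1 and length < 0x80) or (n > 1 and buf[pos] == 0):
        raise ValueError("non-minimal length encoding")
    return length, pos + n

def der_is_valid(buf: bytes, start: int = 0, end: int = -1) -> bool:
    """True if buf[start:end] is a run of well-formed single-byte-tag DER TLVs filling it exactly."""
    end = len(buf) if end < 0 else end
    pos = start
    try:
        while pos < end:
            tag = buf[pos]
            length, pos = _read_length(buf, pos + 1)
            if pos + length > end:
                raise ValueError("element overruns its container")
            if tag & 0x20 and not der_is_valid(buf, pos, pos + length):  # constructed type
                return False
            pos += length
        return pos == end
    except ValueError:
        return False

def certificate_der_ok(cert: bytes) -> bool:
    """A Certificate is one top-level SEQUENCE (0x30) that spans the whole buffer."""
    try:
        length, body = _read_length(cert, 1)
    except ValueError:
        return False
    return cert[:1] == b"\x30" and body + length == len(cert) and der_is_valid(cert)
```

Running a captured certificate (for example the DER `openssl x509 -outform DER` produces from the chain above) through `certificate_der_ok` separates a genuine encoding anomaly from a trust-chain verdict before the rule is tuned or suppressed.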
sengork changed the title from "TLS certificate invalid der" to "TLS certificate invalid der (Signal self-signed certificate)" on Oct 31, 2022