55 lines
1.7 KiB
Markdown
55 lines
1.7 KiB
Markdown
# 福建项目:测试发现TLS v1.2出现穿透,sapp未发rst包
|
||
|
||
| ID | Creation Date | Assignee | Status |
|
||
|----|----------------|----------|--------|
|
||
| OMPUB-1179 | 2024-03-12T17:25:00.000+0800 | 杨威 | 已关闭 |
|
||
|
||
|
||
---
|
||
|
||
测试网址:https://a.ywgyuv.cn/login
|
||
测试现象:多次访问出现穿透,通过tcpdump_mesa捕包发现,当流量为TLS v1的时候sapp正常发rst包,当流量为TLS v1.2的时候sapp未发rst包,出现穿透现象。使用不同的运营商测试,效果相同。
|
||
!image-2024-03-12-17-24-09-266.png|thumbnail!
|
||
**yangwei** commented on *2024-03-12T18:44:23.930+0800*:
|
||
|
||
duplicate with TSG-18234 【Policies-Security】Condition为SNI Negate的Deny策略,访问网址多次刷新后,页面未阻断 - Geedge Networks Jira
|
||
|
||
福建建议升级ssl解析插件至v2.0.15(https://repo.geedge.net/pulp/content/7/x86_64/stable/protocol/Packages/s/ssl-2.0.15.ca6d7fe-1.el7.x86_64.rpm)修复该问题 [~zhangzhihan]
|
||
|
||
|
||
|
||
---
|
||
|
||
**gitlab** commented on *2024-03-21T09:21:39.285+0800*:
|
||
|
||
[杨威|https://git.mesalab.cn/yangwei] mentioned this issue in [a commit|https://git.mesalab.cn/MESA_Platform/ssl/-/commit/ca6d7fecf10ed355b2e8848208ff312da2fbe24f] of [MESA Platform / ssl|https://git.mesalab.cn/MESA_Platform/ssl] on branch [master|https://git.mesalab.cn/MESA_Platform/ssl/-/tree/master]:{quote}🐞 fix(ssh.h 向前兼容):{quote}
|
||
|
||
|
||
|
||
---
|
||
|
||
**zhangzhihan** commented on *2024-04-09T10:45:45.929+0800*:
|
||
|
||
现场部分局点更新了ssl.so (2.0.14 md5值c3ae3846ce0233fe8ca6833334787e8d),测试无穿透现象
|
||
|
||
|
||
|
||
---
|
||
|
||
|
||
|
||
## Attachments
|
||
|
||
**53383/image-2024-03-12-17-24-09-266.png**
|
||
|
||
---
|
||
|
||
**53382/泉州联通21.1_tcpdump_mesa捕包.pcap**
|
||
|
||
---
|
||
|
||
**53381/泉州联通21.1_管理口捕rst包.pcap**
|
||
|
||
---
|
||
|