# Fujian project: sapp did not process traffic

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-1060 | 2023-11-14T18:21:27.000+0800 | 张智涵 | Closed |

---
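
The URL [https://tsngusj.jruvznsf.com/n5aym] is sometimes blocked and sometimes not. Testing reproduced this: the traffic does enter the system and none of it is missing, but when the bypass occurs sapp does not process the traffic. Packet capture on the client shows the TLS 1.3 protocol, while the capture from sapp shows TLS 1.2. We suspect the TLS protocol changes after the traffic enters the system?

This is the capture taken on the client. TLSv1 connections are all blocked normally; when the client's request packet uses TLS 1.3, it gets through.
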
!image-2023-11-14-18-09-33-888.png!

This is the capture taken on the server. TLSv1 is all normal; **when the bypass occurs, TLS on the server side is 1.2**.

!image-2023-11-15-14-45-20-427.png!

This is the corresponding policy, an SNI blocking policy.

!image-2023-11-14-18-16-39-159.png!

These are the security event logs for the corresponding time period.

!image-2023-11-14-18-17-14-205.png!
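
!image-2023-11-14-18-17-25-520.png!

**zhangzhihan** commented on *2024-04-09T10:32:07.546+0800*:

Cause of the bypass: in the flows that got through, the SNI is located further back, so sapp did not recognize the SNI and the flow passed. A patch for ssl.so was applied on site, and after testing the bypass no longer occurs. The TLS 1.3 bypass happened because TLS 1.2 was blocked and the connection automatically switched to TLS 1.3.

!image-2024-04-09-10-24-31-879.png|thumbnail!

---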
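
The root cause given in the comment above is a parsing one: the inspector stopped looking before it reached the SNI. The following Python parser is an added example, not the ssl.so patch (which this ticket does not show) and not sapp code; it buffers the client stream until the whole ClientHello is present and then walks every extension. It assumes "located further back" means the server_name extension can sit late in the ClientHello, possibly past the first TCP segment; `extract_sni`, `build_hello`, `NEED_MORE` and the sample host are hypothetical, and the sample ClientHello is constructed.

```python
import struct

NEED_MORE = object()  # sentinel: keep buffering this flow, do not pass it yet

def extract_sni(stream: bytes):
    """Return the SNI host, None if there is none, NEED_MORE if the hello is incomplete."""
    if stream[:1] not in (b"", b"\x16"):
        return None                      # first record is not a TLS handshake
    # 1. Join handshake records (type 22); one ClientHello may span several.
    hs, off = b"", 0
    while off + 5 <= len(stream):
        rtype, _ver, rlen = struct.unpack_from("!BHH", stream, off)
        if rtype != 22:
            break
        hs += stream[off + 5:off + 5 + rlen]
        off += 5 + rlen
    if len(hs) < 4:
        return NEED_MORE
    if hs[0] != 1:
        return None                      # handshake, but not a ClientHello
    body_len = int.from_bytes(hs[1:4], "big")
    if len(hs) < 4 + body_len:
        return NEED_MORE                 # SNI may be in a segment not seen yet
    body = hs[4:4 + body_len]
    try:
        # 2. Skip version(2) + random(32), session id, cipher suites, compression.
        p = 34
        p += 1 + body[p]
        p += 2 + int.from_bytes(body[p:p + 2], "big")
        p += 1 + body[p]
        p, ext_end = p + 2, min(p + 2 + int.from_bytes(body[p:p + 2], "big"), len(body))
        # 3. Walk every extension; server_name (type 0) can be anywhere in the list.
        while p + 4 <= ext_end:
            etype, elen = struct.unpack_from("!HH", body, p)
            if etype == 0:
                nlen = int.from_bytes(body[p + 7:p + 9], "big")
                return body[p + 9:p + 9 + nlen].decode("ascii")
            p += 4 + elen
    except (IndexError, UnicodeDecodeError):
        pass                             # malformed lengths or name
    return None

def build_hello(host: bytes, pad: int) -> bytes:
    """Constructed sample: a padding extension of `pad` bytes placed BEFORE server_name."""
    sni = struct.pack("!HHHBH", 0, len(host) + 5, len(host) + 3, 0, len(host)) + host
    exts = struct.pack("!HH", 21, pad) + bytes(pad) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```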
## Attachments

**47344/client-google-121.207.21.137.pcap**

---

**47343/image-2023-11-14-18-09-33-888.png**

---

**47342/image-2023-11-14-18-16-39-159.png**

---

**47341/image-2023-11-14-18-17-14-205.png**

---

**47340/image-2023-11-14-18-17-25-520.png**

---

**47370/image-2023-11-15-14-45-20-427.png**

---

**54631/image-2024-04-09-10-24-31-879.png**

---

**47346/server-192.168.35.2-eno1.pcap**

---

**47345/server-192.168.35.2-sapp.pcap**

---