geedge-jira/md/OMPUB-645.md

# 自定义特征中SSL的证书字段阻断无效果

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-645 | 2022-09-29T16:50:28.000+0800 | 刘学利 | 已关闭 |


---

使用自定义特征中的 ssl.handshake.certificate.issuer_organization_name

ssl.handshake.certificate.subject_organization_name

ssl.handshake.certificate.issuer_common_name

进行组合对bilibili进行阻断，无效果，在session records中可以找到对应的字段。

自定app json： [^appSketch_20220929084616701.json]

^!image-2022-09-29-15-18-57-319.png!!image-2022-09-29-15-19-38-394.png!^**liuxueli** commented on *2022-09-30T16:44:40.185+0800*:

* 调整2个配置文件
 ** 调整tsgconf/main.conf中配置选项，搜索APP_SKETCH_LOCAL并下面添加如下内容
{code:java}
[APP_SKETCH_LOCAL]
SCAN_UDP_PAYLOAD_NUM=4
SCAN_TCP_PAYLOAD_NUM=4
C2S_PKT_SIZE_NUM=4
S2C_PKT_SIZE_NUM=4 {code}
 

 ** 调整plug/business/app_sketch_local/app_sketch_local.inf配置项
 *** 调整前
 **** 
{code:java}
[SSL]
FUNC_FLAG=SSL_CLIENT_HELLO,SSL_SERVER_HELLO,SSL_APPLICATION_DATA,SSL_CERTIFICATE_DETAIL
FUNC_NAME=APP_SKETCH_SSL_PLUG_ENTRY {code}

 *** 调整后
 **** 
{code:java}
[SSL]
FUNC_FLAG=SSL_CLIENT_HELLO,SSL_CERTIFICATE_DETAIL
FUNC_NAME=APP_SKETCH_SSL_PLUG_ENTRY {code}



---

**gitlab** commented on *2022-10-14T16:21:48.972+0800*:

[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|https://git.mesalab.cn/appsketch/app_sketch_local/-/commit/6d9287cb48fae496b4cd72a95c82dfba7b85ecd0] of [AppSketch / app_sketch_local|https://git.mesalab.cn/appsketch/app_sketch_local] on branch [bugfix-OMPUB-645|https://git.mesalab.cn/appsketch/app_sketch_local/-/tree/bugfix-OMPUB-645]:{quote}OMPUB-645: 解析层回调业务层APPLIACTION状态时返回DROPME, 其他状态返回GIVEME{quote}



---

**gitlab** commented on *2022-10-14T16:26:26.714+0800*:

[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a merge request|https://git.mesalab.cn/appsketch/app_sketch_local/-/merge_requests/59] of [AppSketch / app_sketch_local|https://git.mesalab.cn/appsketch/app_sketch_local] on branch [bugfix-OMPUB-645|https://git.mesalab.cn/appsketch/app_sketch_local/-/tree/bugfix-OMPUB-645]:{quote}OMPUB-645: 解析层回调业务层APPLIACTION状态时返回DROPME, 其他状态返回GIVEME{quote}



---

**gitlab** commented on *2022-10-14T17:15:18.871+0800*:

[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/905bcab4d44899ef7587b89496e86b438ded3c83] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-22.10-firewall-v2|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-22.10-firewall-v2]:{quote}更新tsg_master、app_sketch_local、app_proto_identify, 新增或修复：{quote}



---

**gitlab** commented on *2022-10-14T17:15:38.119+0800*:

[刘学利|https://git.mesalab.cn/liuxueli] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/943] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-22.10-firewall-v2|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-22.10-firewall-v2]:{quote}更新tsg_master、app_sketch_local、app_proto_identify, 新增或修复：{quote}



---

**gitlab** commented on *2022-10-14T17:20:37.619+0800*:

[付明卫|https://git.mesalab.cn/fumingwei] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/944] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [dev-22.10|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/dev-22.10]:{quote}2022/10/14{quote}



---



## Attachments

**31472/appSketch_20220929084616701.json**

---

**31471/image-2022-09-29-15-18-57-319.png**

---

**31470/image-2022-09-29-15-19-38-394.png**

---