TLS: surface non-UTF-8 SNI hostnames instead of silently dropping #28

@Zious11

Context

Discovered during PR review of TLS analyzer (#2).

In src/analyzer/tls.rs, extract_sni() uses String::from_utf8(...).ok(), which silently drops non-UTF-8 SNI hostnames. For a security tool, non-UTF-8 SNI could indicate C2 encoding or malware — worth surfacing rather than discarding.

Suggested Fix

Use String::from_utf8_lossy or surface the hex value when UTF-8 conversion fails. Optionally generate a low-confidence finding for non-UTF-8 SNI.
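
A sketch of the suggested fix, added here as an example and not taken from the project's code: the names `SniName`, `Finding`, `decode_sni` and `sni_finding` are hypothetical, and the sample bytes are constructed. It keeps both the lossy rendering and the hex of the raw bytes, and raises a low-confidence finding only when UTF-8 decoding fails.

```rust
/// Hypothetical result type: keeps the raw bytes visible when decoding fails.
#[derive(Debug, PartialEq)]
pub enum SniName {
    /// Host name bytes were valid UTF-8.
    Utf8(String),
    /// Host name bytes were not valid UTF-8; both renderings are kept.
    NonUtf8 { lossy: String, hex: String },
}

/// Hypothetical low-confidence finding emitted for non-UTF-8 SNI.
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub confidence: &'static str,
    pub summary: String,
}

/// Decode the raw host_name bytes of an SNI entry without discarding anything.
pub fn decode_sni(raw: &[u8]) -> SniName {
    match std::str::from_utf8(raw) {
        Ok(s) => SniName::Utf8(s.to_owned()),
        Err(_) => SniName::NonUtf8 {
            // Invalid sequences become U+FFFD so the name is still printable.
            lossy: String::from_utf8_lossy(raw).into_owned(),
            // Hex preserves the exact bytes for later triage.
            hex: raw.iter().map(|b| format!("{:02x}", b)).collect(),
        },
    }
}

/// Produce a finding only when the host name was not valid UTF-8.
pub fn sni_finding(name: &SniName) -> Option<Finding> {
    match name {
        SniName::Utf8(_) => None,
        SniName::NonUtf8 { lossy, hex } => Some(Finding {
            confidence: "low",
            summary: format!("non-UTF-8 SNI host name: {:?} (hex {})", lossy, hex),
        }),
    }
}

fn main() {
    // Constructed sample inputs, not taken from real traffic.
    let samples: [&[u8]; 2] = [b"example.com", b"c2\xff\xfe.example"];
    for raw in samples {
        let name = decode_sni(raw);
        println!("{:?} -> {:?}", name, sni_finding(&name));
    }
}
```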

Labels: enhancement (New feature or request), protocol:tls (TLS/SSL protocol analysis)