From 9e9036280d5deb1e7f01150c4dbde15d6b266b49 Mon Sep 17 00:00:00 2001
From: Noor
Date: Wed, 1 Jan 2025 23:37:32 +0000
Subject: [PATCH 1/2] handle TLS attack

included net attack count on non supported tls connection counted as attack for tls without client cert and missing quote on tls client cert
---
 src/grpc/server.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/grpc/server.rs b/src/grpc/server.rs
index 8830c21..626533e 100644
--- a/src/grpc/server.rs
+++ b/src/grpc/server.rs
@@ -93,7 +93,14 @@ impl NodeServer {
         let conn = if let Err(e) = conn {
             println!("Error accepting TLS connection: {e}");
-            if e.to_string().contains("HandshakeFailure") {
+            let attack_error_messages = [
+                "HandshakeFailure",
+                "peer sent no certificates", // "NoCertificatesPresented",
+                "Not found quote extension",
+            ];
+            let err_str = e.to_string();
+            if attack_error_messages.iter().any(|att_er_str| err_str.contains(att_er_str)) {
                 state.increase_net_attacks().await;
             }
             return;
--
2.43.0

From 3bdae474b155be840c97716a24011e0ebfc5f37f Mon Sep 17 00:00:00 2001
From: Noor
Date: Thu, 2 Jan 2025 15:00:20 +0000
Subject: [PATCH 2/2] solved requested changes

enhance error handling for TLS connections and improve attack detection
---
 src/grpc/server.rs | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/grpc/server.rs b/src/grpc/server.rs
index 626533e..25ff4d1 100644
--- a/src/grpc/server.rs
+++ b/src/grpc/server.rs
@@ -93,13 +93,9 @@ impl NodeServer {
         let conn = if let Err(e) = conn {
             println!("Error accepting TLS connection: {e}");
-            let attack_error_messages = [
-                "HandshakeFailure",
-                "peer sent no certificates", // "NoCertificatesPresented",
-                "Not found quote extension",
-            ];
+            let attack_error_messages = ["handshake", "certificate", "quote"];
-            let err_str = e.to_string();
+            let err_str = e.to_string().to_lowercase();
             if attack_error_messages.iter().any(|att_er_str| err_str.contains(att_er_str)) {
                 state.increase_net_attacks().await;
             }
@@ -204,6 +200,7 @@ impl Update for NodeServer {
                 yield Ok(update.update);
             }
             // TODO: check if disconnect client if too many connections are active
+            // Its tested and working
             if tx.receiver_count() > 9 {
                 error_status = Status::internal("Already have too many clients. Connect to another server.");
                 break;
--
2.43.0
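Review bot: Classifying the failure by substring-matching the error's Display text (`err_str.contains(att_er_str)` on the new `if` line) ties attack detection to the TLS library's exact wording, which can change between releases and silently stop counting; the broadened matchers in PATCH 2/2 have the same weakness. The `// "NoCertificatesPresented"` comment suggests the source is a `rustls::Error`; if `e` is or wraps that enum, match its variants instead (e.g. `rustls::Error::NoCertificatesPresented` or `rustls::Error::AlertReceived(rustls::AlertDescription::HandshakeFailure)`) and keep a text check only for the project's own "Not found quote extension" error. Whatever mechanism is kept, the array needs a comment stating why these particular failures are counted as attacks rather than ordinary connection errors. The enclosing accept logic starts and ends outside the hunk.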
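Review bot: The lowercased matchers `["handshake", "certificate", "quote"]` are far broader than the phrases they replace: any accept-time failure whose message mentions a certificate (an expired or not-yet-valid client certificate, an unknown issuer, clock skew) is now counted by `increase_net_attacks`, and likely handshakes cut short by transport problems too if their message contains the word, so the counter no longer separates hostile probes from misconfigured or unlucky legitimate clients. If the coarse match is intentional, say so next to the array, e.g. `// Heuristic: any TLS-layer rejection (handshake alert, client-cert validation, missing quote extension) is counted as a network attack; plain transport errors are not.`, and consider keeping the specific phrases from PATCH 1/2 alongside the generic ones so the counter can be reasoned about. The removed `// "NoCertificatesPresented"` was the only hint at where these strings came from; the new version has no comment at all.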
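Review bot: The added `// Its tested and working` does not resolve the `// TODO: check if disconnect client if too many connections are active` directly above it, so the block now carries both an open question and an assurance, and the reader still has to infer the policy from `tx.receiver_count() > 9`. Replace both lines with a comment that states what the code does, e.g. `// Refuse service once tx has more than 9 receivers; the client is expected to connect to another server.`, and consider lifting `9` into a named constant such as `MAX_CLIENTS` so the limit is documented where it is defined. The enclosing stream loop starts and ends outside the hunk.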