From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stefan Schantl <stefan.schantl@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] suricata: Automatically enable JA3 fingerprinting.
Date: Tue, 27 Oct 2020 10:49:31 +0100
Message-ID: <20201027094931.2921-1-stefan.schantl@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5784452336458432024=="
List-Id: <development.lists.ipfire.org>

--===============5784452336458432024==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Enable JA3 fingerprinting if any rules are enabled which are using this
kind of feature.

Fixes #12507.

Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/suricata/suricata.yaml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 743a4716c..4e9e39967 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -387,9 +387,7 @@ app-layer:
 
       # Generate JA3 fingerprint from client hello. If not specified it
       # will be disabled by default, but enabled if rules require it.
-      #ja3-fingerprints: auto
-      # Generate JA3 fingerprint from client hello
-      ja3-fingerprints: no
+      ja3-fingerprints: auto
 
       # Completely stop processing TLS/SSL session after the handshake
       # completed. If bypass is enabled this will also trigger flow
-- 
2.20.1


--===============5784452336458432024==--