From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] Suricata: detect TLS traffic on port 444, too
Date: Fri, 22 Feb 2019 20:16:00 +0000
Message-ID: <407990e1-b28c-546a-d1b5-d99901eaee8e@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8559598451320994924=="
List-Id: <development.lists.ipfire.org>

--===============8559598451320994924==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

This is the default port for IPFire's administrative web interface
and should be monitored by Suricata, too.

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
c: Stefan Schantl <stefan.schantl(a)ipfire.org>
---
 config/suricata/suricata.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 4fbd32b85..0ff06f4ae 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -140,7 +140,7 @@ app-layer:
     tls:
       enabled: yes
       detection-ports:
-        dp: "[443,465,993,995]"
+        dp: "[443,444,465,993,995]"
 
       # Completely stop processing TLS/SSL session after the handshake
       # completed. If bypass is enabled this will also trigger flow
-- 
2.16.4

--===============8559598451320994924==--