Hello Michael,

this change is not tested very well (I only tested on my productive
system and got no errors), so there are definitely more testing should
be done until we can ship them.

I'd suggest to bundle it with suricata 6 so we have more time for
testing and collecting feedback.

Best regards,

-Stefan
> Good morning Stefan,
> 
> Thanks for submitting this patch.
> 
> Is this tested and peer-reviewed and should this be merged into c152
> with suricata 5.0.4, or is this to be merged with suricata 6?
> 
> Best,
> -Michael
> 
> > On 27 Oct 2020, at 09:49, Stefan Schantl <stefan.schantl(a)ipfire.org
> > > wrote:
> > 
> > Enable JA3 fingerprinting if any rules are enabled which are using
> > this
> > kind of feature.
> > 
> > Fixes #12507.
> > 
> > Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> > ---
> > config/suricata/suricata.yaml | 4 +---
> > 1 file changed, 1 insertion(+), 3 deletions(-)
> > 
> > diff --git a/config/suricata/suricata.yaml
> > b/config/suricata/suricata.yaml
> > index 743a4716c..4e9e39967 100644
> > --- a/config/suricata/suricata.yaml
> > +++ b/config/suricata/suricata.yaml
> > @@ -387,9 +387,7 @@ app-layer:
> > 
> >       # Generate JA3 fingerprint from client hello. If not
> > specified it
> >       # will be disabled by default, but enabled if rules require
> > it.
> > -      #ja3-fingerprints: auto
> > -      # Generate JA3 fingerprint from client hello
> > -      ja3-fingerprints: no
> > +      ja3-fingerprints: auto
> > 
> >       # Completely stop processing TLS/SSL session after the
> > handshake
> >       # completed. If bypass is enabled this will also trigger flow
> > -- 
> > 2.20.1
> >