From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] Suricata: detect TLS traffic on port 444, too
Date: Wed, 27 Feb 2019 15:27:16 +0000
Message-ID: <D8F4B6FB-F394-4E24-80F1-BBD0226BE06B@ipfire.org>
In-Reply-To: <407990e1-b28c-546a-d1b5-d99901eaee8e@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5954950563199297829=="
List-Id: <development.lists.ipfire.org>

--===============5954950563199297829==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 22 Feb 2019, at 20:16, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> This is the default port for IPFire's administrative web interface
> and should be monitored by Suricata, too.
> 
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> c: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/suricata/suricata.yaml | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
> index 4fbd32b85..0ff06f4ae 100644
> --- a/config/suricata/suricata.yaml
> +++ b/config/suricata/suricata.yaml
> @@ -140,7 +140,7 @@ app-layer:
>     tls:
>       enabled: yes
>       detection-ports:
> -        dp: "[443,465,993,995]"
> +        dp: "[443,444,465,993,995]"
> 
>       # Completely stop processing TLS/SSL session after the handshake
>       # completed. If bypass is enabled this will also trigger flow
> -- 
> 2.16.4


--===============5954950563199297829==--