Good morning Stefan,

Thanks for submitting this patch.

Is this tested and peer-reviewed and should this be merged into c152 with suricata 5.0.4, or is this to be merged with suricata 6?

Best,
-Michael

> On 27 Oct 2020, at 09:49, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
> 
> Enable JA3 fingerprinting if any rules are enabled which are using this
> kind of feature.
> 
> Fixes #12507.
> 
> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
> ---
> config/suricata/suricata.yaml | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
> index 743a4716c..4e9e39967 100644
> --- a/config/suricata/suricata.yaml
> +++ b/config/suricata/suricata.yaml
> @@ -387,9 +387,7 @@ app-layer:
> 
>       # Generate JA3 fingerprint from client hello. If not specified it
>       # will be disabled by default, but enabled if rules require it.
> -      #ja3-fingerprints: auto
> -      # Generate JA3 fingerprint from client hello
> -      ja3-fingerprints: no
> +      ja3-fingerprints: auto
> 
>       # Completely stop processing TLS/SSL session after the handshake
>       # completed. If bypass is enabled this will also trigger flow
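Review bot: The comment kept above `ja3-fingerprints: auto` still describes only the case where the option is "not specified", which no longer applies now that the value is set explicitly. Suggest rewording it to say what `auto` does, in line with the commit message: JA3 fingerprints are generated only when enabled rules use them. That way the comment and the active setting agree. Removing the commented-out `#ja3-fingerprints: auto` line and the duplicate "Generate JA3 fingerprint from client hello" comment looks fine.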
> -- 
> 2.20.1
>