Hello Stefan,

okay. I merged this into next which will eventually become Core Update 153.

Everyone, please test and send feedback :)

Best,
-Michael

> On 27 Oct 2020, at 11:06, Stefan Schantl <stefan.schantl(a)ipfire.org> wrote:
> 
> Hello Michael,
> 
> this change is not tested very well (I only tested on my productive
> system and got no errors), so there are definitely more testing should
> be done until we can ship them.
> 
> I'd suggest to bundle it with suricata 6 so we have more time for
> testing and collecting feedback.
> 
> Best regards,
> 
> -Stefan
>> Good morning Stefan,
>> 
>> Thanks for submitting this patch.
>> 
>> Is this tested and peer-reviewed and should this be merged into c152
>> with suricata 5.0.4, or is this to be merged with suricata 6?
>> 
>> Best,
>> -Michael
>> 
>>> On 27 Oct 2020, at 09:49, Stefan Schantl <stefan.schantl(a)ipfire.org
>>>> wrote:
>>> 
>>> Enable JA3 fingerprinting if any rules are enabled which are using
>>> this
>>> kind of feature.
>>> 
>>> Fixes #12507.
>>> 
>>> Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org>
>>> ---
>>> config/suricata/suricata.yaml | 4 +---
>>> 1 file changed, 1 insertion(+), 3 deletions(-)
>>> 
>>> diff --git a/config/suricata/suricata.yaml
>>> b/config/suricata/suricata.yaml
>>> index 743a4716c..4e9e39967 100644
>>> --- a/config/suricata/suricata.yaml
>>> +++ b/config/suricata/suricata.yaml
>>> @@ -387,9 +387,7 @@ app-layer:
>>> 
>>>      # Generate JA3 fingerprint from client hello. If not
>>> specified it
>>>      # will be disabled by default, but enabled if rules require
>>> it.
>>> -      #ja3-fingerprints: auto
>>> -      # Generate JA3 fingerprint from client hello
>>> -      ja3-fingerprints: no
>>> +      ja3-fingerprints: auto
>>> 
>>>      # Completely stop processing TLS/SSL session after the
>>> handshake
>>>      # completed. If bypass is enabled this will also trigger flow
>>> -- 
>>> 2.20.1
>>> 
>