This reverts commit ad99f959e2b83dd9f1275c1d385140271c8926ae.
It does not make any sense to try to decode the TLS connection with the DNS decoder.
Therefore should 853 (TCP only) be added to the TLS decoder.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/suricata/suricata.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index d3ebbcfe4..767f84074 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -140,7 +140,7 @@ app-layer: tls: enabled: yes detection-ports: - dp: "[443,444,465,993,995]" + dp: "[443,444,465,853,993,995]"
# Completely stop processing TLS/SSL session after the handshake # completed. If bypass is enabled this will also trigger flow @@ -204,11 +204,11 @@ app-layer: tcp: enabled: yes detection-ports: - dp: "[53,853]" + dp: 53 udp: enabled: yes detection-ports: - dp: "[53,853]" + dp: 53 http: enabled: yes # memcap: 64mb