Enable JA3 fingerprinting if any rules are enabled which are using this kind of feature.
Fixes #12507.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org --- config/suricata/suricata.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 743a4716c..4e9e39967 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -387,9 +387,7 @@ app-layer:
# Generate JA3 fingerprint from client hello. If not specified it # will be disabled by default, but enabled if rules require it. - #ja3-fingerprints: auto - # Generate JA3 fingerprint from client hello - ja3-fingerprints: no + ja3-fingerprints: auto
# Completely stop processing TLS/SSL session after the handshake # completed. If bypass is enabled this will also trigger flow