Hello Michael,
this change is not tested very well (I only tested on my productive system and got no errors), so there are definitely more testing should be done until we can ship them.
I'd suggest to bundle it with suricata 6 so we have more time for testing and collecting feedback.
Best regards,
-Stefan
Good morning Stefan,
Thanks for submitting this patch.
Is this tested and peer-reviewed and should this be merged into c152 with suricata 5.0.4, or is this to be merged with suricata 6?
Best, -Michael
On 27 Oct 2020, at 09:49, Stefan Schantl <stefan.schantl@ipfire.org
wrote:
Enable JA3 fingerprinting if any rules are enabled which are using this kind of feature.
Fixes #12507.
Signed-off-by: Stefan Schantl stefan.schantl@ipfire.org
config/suricata/suricata.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml index 743a4716c..4e9e39967 100644 --- a/config/suricata/suricata.yaml +++ b/config/suricata/suricata.yaml @@ -387,9 +387,7 @@ app-layer:
# Generate JA3 fingerprint from client hello. If notspecified it # will be disabled by default, but enabled if rules require it.
#ja3-fingerprints: auto# Generate JA3 fingerprint from client helloja3-fingerprints: no
ja3-fingerprints: auto # Completely stop processing TLS/SSL session after thehandshake # completed. If bypass is enabled this will also trigger flow -- 2.20.1