From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Tue, 27 Oct 2020 09:49:31 +0000 (+0100)
Subject: suricata: Automatically enable JA3 fingerprinting.
X-Git-Tag: v2.25-core155~384^2~131
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0937bd9c01fd4c56fdee688e887958dc72a9b03b;p=ipfire-2.x.git

suricata: Automatically enable JA3 fingerprinting.

Enable JA3 fingerprinting if any rules are enabled which are using this
kind of feature.

Fixes #12507.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 743a4716cd..4e9e399675 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -387,9 +387,7 @@ app-layer:
 
       # Generate JA3 fingerprint from client hello. If not specified it
       # will be disabled by default, but enabled if rules require it.
-      #ja3-fingerprints: auto
-      # Generate JA3 fingerprint from client hello
-      ja3-fingerprints: no
+      ja3-fingerprints: auto
 
       # Completely stop processing TLS/SSL session after the handshake
       # completed. If bypass is enabled this will also trigger flow