From: Peter Müller <peter.mueller@ipfire.org>
Date: Fri, 22 Feb 2019 20:16:00 +0000 (+0000)
Subject: Suricata: detect TLS traffic on port 444, too
X-Git-Tag: v2.23-core131~117^2~29
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=1f3c61b66c77898707791519b837e61b1d2e6ad0

Suricata: detect TLS traffic on port 444, too

This is the default port for IPFire's administrative web interface
and should be monitored by Suricata, too.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
c: Stefan Schantl <stefan.schantl@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 4fbd32b850..0ff06f4aeb 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -140,7 +140,7 @@ app-layer:
     tls:
       enabled: yes
       detection-ports:
-        dp: "[443,465,993,995]"
+        dp: "[443,444,465,993,995]"
 
       # Completely stop processing TLS/SSL session after the handshake
       # completed. If bypass is enabled this will also trigger flow