From 05a635ec04f1ca7ee85a1511757ef3fea28cdb5c Mon Sep 17 00:00:00 2001
From: =?utf8?q?Peter=20M=C3=BCller?= <peter.mueller@ipfire.org>
Date: Thu, 7 Feb 2019 17:38:00 +0000
Subject: [PATCH] Suricata: detect TLS traffic on IMAPS/POP3S/SSMTP ports as,
 well
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Partially fixes #11808

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
---
 config/suricata/suricata.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 48035a67eb..dd7e53584e 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -140,7 +140,7 @@ app-layer:
     tls:
       enabled: yes
       detection-ports:
-        dp: 443
+        dp: "[443,465,993,995]"
 
       # Completely stop processing TLS/SSL session after the handshake
       # completed. If bypass is enabled this will also trigger flow
-- 
2.39.2