tls/ja3: don't disable; allowing runtime enabling

author Victor Julien <victor@inliniac.net>

Thu, 3 Oct 2019 10:51:08 +0000 (12:51 +0200)

committer Victor Julien <victor@inliniac.net>

Wed, 9 Oct 2019 13:26:59 +0000 (15:26 +0200)
author Victor Julien <victor@inliniac.net>
Thu, 3 Oct 2019 10:51:08 +0000 (12:51 +0200)
committer Victor Julien <victor@inliniac.net>
Wed, 9 Oct 2019 13:26:59 +0000 (15:26 +0200)
diff --git a/suricata.yaml.in b/suricata.yaml.in

index 9e2f91e9be456c4c231e1418686339e5089ec06a..20e512b1be99f072d3ec9787ed0172e21918e0ac 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -727,8 +727,9 @@ app-layer:
        detection-ports:
          dp: 443
  
-      # Generate JA3 fingerprint from client hello
-      ja3-fingerprints: no
+      # Generate JA3 fingerprint from client hello. If not specified it
+      # will be disabled by default, but enabled if rules require it.
+      #ja3-fingerprints: yes
  
        # What to do when the encrypted communications start:
        # - default: keep tracking TLS session, check for protocol anomalies,
author	Victor Julien <victor@inliniac.net>
	Thu, 3 Oct 2019 10:51:08 +0000 (12:51 +0200)
committer	Victor Julien <victor@inliniac.net>
	Wed, 9 Oct 2019 13:26:59 +0000 (15:26 +0200)