tls/ja3: do not append to ja3 str once ja3 hash is computed
authorPhilippe Antoine <pantoine@oisf.net>
Tue, 3 Sep 2024 13:37:00 +0000 (15:37 +0200)
committerVictor Julien <victor@inliniac.net>
Mon, 9 Sep 2024 09:01:25 +0000 (11:01 +0200)
Ticket: 6634

That means take only the first client hello into account.
This way, we do not end up with a ja3 string containing 9 commas...

src/app-layer-ssl.c

index da98a1ee0953566dc74796145381cd9363984563..3a7a076f6978a2ab2eabefa0d5657edfe9a458bc 100644 (file)
@@ -856,7 +856,8 @@ static inline int TLSDecodeHSHelloCipherSuites(SSLState *ssl_state,
         goto invalid_length;
     }
 
-    const bool enable_ja3 = SC_ATOMIC_GET(ssl_config.enable_ja3);
+    const bool enable_ja3 =
+            SC_ATOMIC_GET(ssl_config.enable_ja3) && ssl_state->curr_connp->ja3_hash == NULL;
 
     if (enable_ja3 || SC_ATOMIC_GET(ssl_config.enable_ja4)) {
         JA3Buffer *ja3_cipher_suites = NULL;
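Review bot: The `ja3_hash == NULL` guard is folded into `enable_ja3` alone, so the `if (enable_ja3 || SC_ATOMIC_GET(ssl_config.enable_ja4))` branch right below is still entered for a repeated hello whenever JA4 is enabled. The branch body lies outside this hunk, so this cannot be confirmed from here, but if the JA4 side accumulates cipher suites the same way, its fingerprint would still mix values from more than one hello and would need a matching first-hello-only guard. The declaration also lacks the explanation the second hunk carries; I would add `// once ja3_hash is computed, later hellos must not extend ja3_str` above it, since `enable_ja3` no longer reflects only the config flag.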
@@ -1336,7 +1337,9 @@ static inline int TLSDecodeHSHelloExtensions(SSLState *ssl_state,
 
     int ret;
     int rc;
-    const bool ja3 = (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1);
+    // if ja3_hash is already computed, do not use new hello to augment ja3_str
+    const bool ja3 =
+            (SC_ATOMIC_GET(ssl_config.enable_ja3) == 1) && ssl_state->curr_connp->ja3_hash == NULL;
 
     JA3Buffer *ja3_extensions = NULL;
     JA3Buffer *ja3_elliptic_curves = NULL;
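Review bot: The same predicate is now written in two spellings, `SC_ATOMIC_GET(ssl_config.enable_ja3) && ...` in TLSDecodeHSHelloCipherSuites and `(SC_ATOMIC_GET(ssl_config.enable_ja3) == 1) && ...` here, which makes it easy for a later change to update only one site. Assuming the flag only ever holds 0 or 1, a file-local helper would keep them in step, e.g. `static inline bool TLSJa3Collecting(const SSLState *s) { return SC_ATOMIC_GET(ssl_config.enable_ja3) && s->curr_connp->ja3_hash == NULL; }`, used at both call sites. The rest of TLSDecodeHSHelloExtensions is outside the hunk, so any other code there that appends to the JA3 string should be checked against the same condition.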