tls/ja3: try to enable ja3 if rule keywords need it

diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c
index daefa443b15c3452efef7f0dabf8c62a6514b9f3..96cfc02f66b8b1edbe305b9c2d3a2f7e99628cae 100644 (file)
--- a/src/detect-tls-ja3-hash.c
+++ b/src/detect-tls-ja3-hash.c
@@ -123,6 +123,9 @@ static int DetectTlsJa3HashSetup(DetectEngineCtx *de_ctx, Signature *s, const ch
     if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0)
         return -1;
 
+    /* try to enable JA3 */
+    SSLEnableJA3();
+
     /* Check if JA3 is disabled */
     if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
         return -1;

diff --git a/src/detect-tls-ja3-string.c b/src/detect-tls-ja3-string.c
index d253fc289ec89b7b20c6c643978bbfaa7b13c06b..79d2d2769e6bf6cc4228abd4f436a6dc581ff0d3 100644 (file)
--- a/src/detect-tls-ja3-string.c
+++ b/src/detect-tls-ja3-string.c
@@ -113,6 +113,9 @@ static int DetectTlsJa3StringSetup(DetectEngineCtx *de_ctx, Signature *s, const
     if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0)
         return -1;
 
+    /* try to enable JA3 */
+    SSLEnableJA3();
+
     /* Check if JA3 is disabled */
     if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
         return -1;

diff --git a/src/detect-tls-ja3s-hash.c b/src/detect-tls-ja3s-hash.c
index d359be7792b57e07917fa08f5f9701703bf1636a..586b0bbeb81c0bac04cc6ec37f60c39988ff082b 100644 (file)
--- a/src/detect-tls-ja3s-hash.c
+++ b/src/detect-tls-ja3s-hash.c
@@ -122,6 +122,9 @@ static int DetectTlsJa3SHashSetup(DetectEngineCtx *de_ctx, Signature *s, const c
     if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0)
         return -1;
 
+    /* try to enable JA3 */
+    SSLEnableJA3();
+
     /* Check if JA3 is disabled */
     if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
         return -1;

diff --git a/src/detect-tls-ja3s-string.c b/src/detect-tls-ja3s-string.c
index 7cdf27f632132cc86a3744634dd95a008473489b..85f9696a0fe095dfac013b2d2cb42f0db94fa1b8 100644 (file)
--- a/src/detect-tls-ja3s-string.c
+++ b/src/detect-tls-ja3s-string.c
@@ -112,6 +112,9 @@ static int DetectTlsJa3SStringSetup(DetectEngineCtx *de_ctx, Signature *s, const
     if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0)
         return -1;
 
+    /* try to enable JA3 */
+    SSLEnableJA3();
+
     /* Check if JA3 is disabled */
     if (!RunmodeIsUnittests() && Ja3IsDisabled("rule"))
         return -1;

diff --git a/src/util-ja3.c b/src/util-ja3.c
index 2152b5f4bb4767653b88d7d9ff3ec5800b959b32..89ebcc63b1c6c31b1f51ba730ef8456aec9ed55a 100644 (file)
--- a/src/util-ja3.c
+++ b/src/util-ja3.c
@@ -24,6 +24,7 @@
  */
 
 #include "suricata-common.h"
+#include "app-layer-ssl.h"
 #include "util-validate.h"
 #include "util-ja3.h"
 
@@ -261,11 +262,7 @@ char *Ja3GenerateHash(JA3Buffer *buffer)
  */
 int Ja3IsDisabled(const char *type)
 {
-    int is_enabled = 0;
-
-    /* Check if JA3 is enabled */
-    ConfGetBool("app-layer.protocols.tls.ja3-fingerprints", &is_enabled);
-
+    bool is_enabled = SSLJA3IsEnabled();
     if (is_enabled == 0) {
         SCLogWarning(SC_WARN_JA3_DISABLED, "JA3 is disabled, skipping %s",
                      type);