From: Victor Julien <victor@inliniac.net>
Date: Thu, 3 Oct 2019 10:51:08 +0000 (+0200)
Subject: tls/ja3: don't disable; allowing runtime enabling
X-Git-Tag: suricata-5.0.0~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=788c9f8f11cc45d832b642daecb8df8b5e424b74;p=thirdparty%2Fsuricata.git

tls/ja3: don't disable; allowing runtime enabling
---

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 9e2f91e9be..20e512b1be 100644
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -727,8 +727,9 @@ app-layer:
       detection-ports:
         dp: 443
 
-      # Generate JA3 fingerprint from client hello
-      ja3-fingerprints: no
+      # Generate JA3 fingerprint from client hello. If not specified it
+      # will be disabled by default, but enabled if rules require it.
+      #ja3-fingerprints: yes
 
       # What to do when the encrypted communications start:
       # - default: keep tracking TLS session, check for protocol anomalies,