{ NULL, -1 },
};
+/* by default we keep tracking */
+#define SSL_CONFIG_DEFAULT_NOREASSEMBLE 0
+
typedef struct SslConfig_ {
int no_reassemble;
} SslConfig;
/* Get the value of no reassembly option from the config file */
if (ConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
if (ConfGetBool("tls.no-reassemble", &ssl_config.no_reassemble) != 1)
- ssl_config.no_reassemble = 1;
+ ssl_config.no_reassemble = SSL_CONFIG_DEFAULT_NOREASSEMBLE;
} else {
if (ConfGetBool("app-layer.protocols.tls.no-reassemble", &ssl_config.no_reassemble) != 1)
- ssl_config.no_reassemble = 1;
+ ssl_config.no_reassemble = SSL_CONFIG_DEFAULT_NOREASSEMBLE;
}
} else {
SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
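Review bot: Neither branch of the `no-reassemble` lookup reports which key was read or what value ended up in `ssl_config.no_reassemble`, so the default flip from 1 to `SSL_CONFIG_DEFAULT_NOREASSEMBLE` (0) is invisible to an operator whose config sets neither key. Sensors that relied on the old implicit default will now keep tracking TLS after the handshake, which likely means more load. A leftover legacy `tls.no-reassemble` is also ignored without notice as soon as the `app-layer.protocols.tls.no-reassemble` node exists. I would log the effective setting once after the lookup, e.g. `SCLogInfo("TLS no-reassemble: %s", ssl_config.no_reassemble ? "enabled" : "disabled");`, and brace the two single-statement `if` bodies while touching them. The enclosing function starts and ends outside this hunk.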
#ifdef UNITTESTS
AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_TLS, SSLParserRegisterTests);
#endif
-
- /* Get the value of no reassembly option from the config file */
- if (ConfGetBool("tls.no-reassemble", &ssl_config.no_reassemble) != 1)
- ssl_config.no_reassemble = 1;
-
return;
}
detection-ports:
dp: 443
+ # Completely stop processing TLS/SSL session after the handshake
+ # completed. If bypass is enabled this will also trigger flow
+ # bypass. If disabled (the default), TLS/SSL session is still
+ # tracked for Heartbleed and other anomalies.
#no-reassemble: yes
dcerpc:
enabled: yes
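Review bot: The added comment says "If bypass is enabled" without naming the setting it means, so a reader cannot tell which option turns `no-reassemble: yes` into a full flow bypass. The sample line also shows only the non-default value, and uncommenting it stops post-handshake inspection, which is what the Heartbleed and anomaly tracking mentioned above depends on. I would name the bypass option in the comment and add a line such as `# Default: no (sessions stay tracked after the handshake).` directly above `#no-reassemble: yes`.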