From: Jason Ish Date: Thu, 17 Oct 2024 14:41:54 +0000 (-0600) Subject: eve/tls: remove broken check for ja3 being enabled X-Git-Tag: suricata-8.0.0-beta1~776 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2e788408c07fb8043ed32f5694529ea1434ed618;p=thirdparty%2Fsuricata.git eve/tls: remove broken check for ja3 being enabled During EVE TLS setup, a broken check for Ja3 being enabled led to Ja3 being disabled, but only in custom mode. This check is not needed, if Ja3 is disabled, it won't be available, and won't be logged. This is required to implement "extended" in terms of "custom" fields. --- diff --git a/src/output-json-tls.c b/src/output-json-tls.c index b58503a661..03108cf647 100644 --- a/src/output-json-tls.c +++ b/src/output-json-tls.c @@ -663,13 +663,6 @@ static OutputTlsCtx *OutputTlsInitCtx(ConfNode *conf) tls_ctx->flags |= LOG_TLS_SESSION_RESUMPTION; } - if ((tls_ctx->fields & LOG_TLS_FIELD_JA3) && - Ja3IsDisabled("fields")) { - /* JA3 is disabled, so don't log any JA3 fields */ - tls_ctx->fields &= ~LOG_TLS_FIELD_JA3; - tls_ctx->fields &= ~LOG_TLS_FIELD_JA3S; - } - if ((tls_ctx->fields & LOG_TLS_FIELD_CERTIFICATE) && (tls_ctx->fields & LOG_TLS_FIELD_CHAIN)) { SCLogWarning("Both 'certificate' and 'chain' contains the top "