From: Victor Julien Date: Thu, 3 Oct 2019 11:30:53 +0000 (+0200) Subject: tls/ja3: try to enable ja3 if rule keywords need it X-Git-Tag: suricata-5.0.0~55 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ca5226f0c76c873c6bd06f7e9d2b7c25291d4842;p=thirdparty%2Fsuricata.git tls/ja3: try to enable ja3 if rule keywords need it --- diff --git a/src/detect-tls-ja3-hash.c b/src/detect-tls-ja3-hash.c index daefa443b1..96cfc02f66 100644 --- a/src/detect-tls-ja3-hash.c +++ b/src/detect-tls-ja3-hash.c @@ -123,6 +123,9 @@ static int DetectTlsJa3HashSetup(DetectEngineCtx *de_ctx, Signature *s, const ch if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0) return -1; + /* try to enable JA3 */ + SSLEnableJA3(); + /* Check if JA3 is disabled */ if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) return -1; diff --git a/src/detect-tls-ja3-string.c b/src/detect-tls-ja3-string.c index d253fc289e..79d2d2769e 100644 --- a/src/detect-tls-ja3-string.c +++ b/src/detect-tls-ja3-string.c @@ -113,6 +113,9 @@ static int DetectTlsJa3StringSetup(DetectEngineCtx *de_ctx, Signature *s, const if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0) return -1; + /* try to enable JA3 */ + SSLEnableJA3(); + /* Check if JA3 is disabled */ if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) return -1; diff --git a/src/detect-tls-ja3s-hash.c b/src/detect-tls-ja3s-hash.c index d359be7792..586b0bbeb8 100644 --- a/src/detect-tls-ja3s-hash.c +++ b/src/detect-tls-ja3s-hash.c @@ -122,6 +122,9 @@ static int DetectTlsJa3SHashSetup(DetectEngineCtx *de_ctx, Signature *s, const c if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0) return -1; + /* try to enable JA3 */ + SSLEnableJA3(); + /* Check if JA3 is disabled */ if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) return -1; diff --git a/src/detect-tls-ja3s-string.c b/src/detect-tls-ja3s-string.c index 7cdf27f632..85f9696a0f 100644 --- a/src/detect-tls-ja3s-string.c +++ b/src/detect-tls-ja3s-string.c 
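Review bot: The added `SSLEnableJA3();` in DetectTlsJa3HashSetup is called only for its side effect, and `/* try to enable JA3 */` does not say that the `Ja3IsDisabled("rule")` test just below is what decides whether the attempt worked; the same three lines are repeated in DetectTlsJa3StringSetup, DetectTlsJa3SHashSetup and DetectTlsJa3SStringSetup. I would spell that out, e.g. `/* this keyword needs JA3: ask the TLS parser to turn it on; Ja3IsDisabled() below rejects the rule if JA3 is still off */`. Because the call sits in rule parsing, a signature that is rejected later in Setup presumably still leaves fingerprinting switched on for all TLS traffic, which is worth stating in the comment if it is intended. With four identical copies, one shared helper doing the enable and the check would keep them from drifting apart. The Setup bodies start and end outside these hunks.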
@@ -112,6 +112,9 @@ static int DetectTlsJa3SStringSetup(DetectEngineCtx *de_ctx, Signature *s, const if (DetectSignatureSetAppProto(s, ALPROTO_TLS) < 0) return -1; + /* try to enable JA3 */ + SSLEnableJA3(); + /* Check if JA3 is disabled */ if (!RunmodeIsUnittests() && Ja3IsDisabled("rule")) return -1; diff --git a/src/util-ja3.c b/src/util-ja3.c index 2152b5f4bb..89ebcc63b1 100644 --- a/src/util-ja3.c +++ b/src/util-ja3.c @@ -24,6 +24,7 @@ */ #include "suricata-common.h" +#include "app-layer-ssl.h" #include "util-validate.h" #include "util-ja3.h" @@ -261,11 +262,7 @@ char *Ja3GenerateHash(JA3Buffer *buffer) */ int Ja3IsDisabled(const char *type) { - int is_enabled = 0; - - /* Check if JA3 is enabled */ - ConfGetBool("app-layer.protocols.tls.ja3-fingerprints", &is_enabled); - + bool is_enabled = SSLJA3IsEnabled(); if (is_enabled == 0) { SCLogWarning(SC_WARN_JA3_DISABLED, "JA3 is disabled, skipping %s", type);
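Review bot: Ja3IsDisabled() in src/util-ja3.c now returns whatever SSLJA3IsEnabled() reports at call time instead of reading `app-layer.protocols.tls.ja3-fingerprints` itself, so its answer depends on the TLS parser settings being loaded before the first caller runs. That ordering is not visible in this hunk and deserves a comment such as `/* relies on the TLS parser config being loaded before rules and outputs are set up */`. The doc comment above the function (only its closing `*/` is in the hunk) may still describe the old config lookup and should be checked. The local is also unnecessary, and a `bool` compared with `0` reads oddly: `if (!SSLJA3IsEnabled()) {`. The function body continues past the end of the hunk.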