aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

eve/tls: remove broken check for ja3 being enabled

Browse Source 
During EVE TLS setup, a broken check for Ja3 being enabled led to Ja3
being disabled, but only in custom mode. This check is not needed, if
Ja3 is disabled, it won't be available, and won't be logged.

This is required to implement "extended" in terms of "custom" fields.
pull/12004/head
Jason Ish 4 months ago committed by Victor Julien
parent 6a185a8f96
commit 2e788408c0
1 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File

7
src/output-json-tls.c
Unescape Escape View File

@ -663,13 +663,6 @@ static OutputTlsCtx *OutputTlsInitCtx(ConfNode *conf)
tls_ctx->flags |= LOG_TLS_SESSION_RESUMPTION;
}
if ((tls_ctx->fields & LOG_TLS_FIELD_JA3) &&
Ja3IsDisabled("fields")) {
/* JA3 is disabled, so don't log any JA3 fields */
tls_ctx->fields &= ~LOG_TLS_FIELD_JA3;
tls_ctx->fields &= ~LOG_TLS_FIELD_JA3S;
}
if ((tls_ctx->fields & LOG_TLS_FIELD_CERTIFICATE) &&
(tls_ctx->fields & LOG_TLS_FIELD_CHAIN)) {
SCLogWarning("Both 'certificate' and 'chain' contains the top "

Write Preview
Loading…
Cancel
Save