From 2e788408c07fb8043ed32f5694529ea1434ed618 Mon Sep 17 00:00:00 2001
From: Jason Ish <jason.ish@oisf.net>
Date: Thu, 17 Oct 2024 08:41:54 -0600
Subject: [PATCH] eve/tls: remove broken check for ja3 being enabled

During EVE TLS setup, a broken check for Ja3 being enabled led to Ja3
being disabled, but only in custom mode. This check is not needed, if
Ja3 is disabled, it won't be available, and won't be logged.

This is required to implement "extended" in terms of "custom" fields.
---
 src/output-json-tls.c | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/src/output-json-tls.c b/src/output-json-tls.c
index b58503a661..03108cf647 100644
--- a/src/output-json-tls.c
+++ b/src/output-json-tls.c
@@ -663,13 +663,6 @@ static OutputTlsCtx *OutputTlsInitCtx(ConfNode *conf)
         tls_ctx->flags |= LOG_TLS_SESSION_RESUMPTION;
     }
 
-    if ((tls_ctx->fields & LOG_TLS_FIELD_JA3) &&
-            Ja3IsDisabled("fields")) {
-        /* JA3 is disabled, so don't log any JA3 fields */
-        tls_ctx->fields &= ~LOG_TLS_FIELD_JA3;
-        tls_ctx->fields &= ~LOG_TLS_FIELD_JA3S;
-    }
-
     if ((tls_ctx->fields & LOG_TLS_FIELD_CERTIFICATE) &&
             (tls_ctx->fields & LOG_TLS_FIELD_CHAIN)) {
         SCLogWarning("Both 'certificate' and 'chain' contains the top "