tls: change 'no-reassemble' option to default off

This option was broken so there should be no visible change to
actual deployments.

src/app-layer-ssl.c

@@ -79,6 +79,9 @@ SCEnumCharMap tls_decoder_event_table[ ] = {
     { NULL,                          -1 },
 };
 
+/* by default we keep tracking */
+#define SSL_CONFIG_DEFAULT_NOREASSEMBLE 0
+
 typedef struct SslConfig_ {
     int no_reassemble;
 } SslConfig;
@@ -1807,10 +1810,10 @@ void RegisterSSLParsers(void)
         /* Get the value of no reassembly option from the config file */
         if (ConfGetNode("app-layer.protocols.tls.no-reassemble") == NULL) {
             if (ConfGetBool("tls.no-reassemble", &ssl_config.no_reassemble) != 1)
-                ssl_config.no_reassemble = 1;
+                ssl_config.no_reassemble = SSL_CONFIG_DEFAULT_NOREASSEMBLE;
         } else {
             if (ConfGetBool("app-layer.protocols.tls.no-reassemble", &ssl_config.no_reassemble) != 1)
-                ssl_config.no_reassemble = 1;
+                ssl_config.no_reassemble = SSL_CONFIG_DEFAULT_NOREASSEMBLE;
         }
     } else {
         SCLogInfo("Parsed disabled for %s protocol. Protocol detection"
@@ -1820,11 +1823,6 @@ void RegisterSSLParsers(void)
 #ifdef UNITTESTS
     AppLayerParserRegisterProtocolUnittests(IPPROTO_TCP, ALPROTO_TLS, SSLParserRegisterTests);
 #endif
-
-    /* Get the value of no reassembly option from the config file */
-    if (ConfGetBool("tls.no-reassemble", &ssl_config.no_reassemble) != 1)
-        ssl_config.no_reassemble = 1;
-
     return;
 }
 

suricata.yaml.in

@@ -654,6 +654,10 @@ app-layer:
       detection-ports:
         dp: 443
 
+      # Completely stop processing TLS/SSL session after the handshake
+      # completed. If bypass is enabled this will also trigger flow
+      # bypass. If disabled (the default), TLS/SSL session is still
+      # tracked for Heartbleed and other anomalies.
       #no-reassemble: yes
     dcerpc:
       enabled: yes