[1/3] Suricata: detect TLS traffic on IMAPS/POP3S/SSMTP portsas, well
Commit Message
Partially fixes #11808
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
---
config/suricata/suricata.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
Thanks for the patch - Merged.
Best regards,
-Stefan
> Partially fixes #11808
>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> Cc: Stefan Schantl <stefan.schantl@ipfire.org>
> ---
> config/suricata/suricata.yaml | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/config/suricata/suricata.yaml
> b/config/suricata/suricata.yaml
> index 48035a67e..dd7e53584 100644
> --- a/config/suricata/suricata.yaml
> +++ b/config/suricata/suricata.yaml
> @@ -140,7 +140,7 @@ app-layer:
> tls:
> enabled: yes
> detection-ports:
> - dp: 443
> + dp: "[443,465,993,995]"
>
> # Completely stop processing TLS/SSL session after the
> handshake
> # completed. If bypass is enabled this will also trigger flow
@@ -140,7 +140,7 @@ app-layer:
tls:
enabled: yes
detection-ports:
- dp: 443
+ dp: "[443,465,993,995]"
# Completely stop processing TLS/SSL session after the handshake
# completed. If bypass is enabled this will also trigger flow