diff mbox series

[1/3] Suricata: detect TLS traffic on IMAPS/POP3S/SSMTP portsas, well

Message ID a90a64f1-cbfe-cd0b-af99-1e4b5989a4e0@ipfire.org
State Accepted
Commit 05a635ec04f1ca7ee85a1511757ef3fea28cdb5c
Headers
Series [1/3] Suricata: detect TLS traffic on IMAPS/POP3S/SSMTP portsas, well |

Commit Message

Peter Müller Feb. 8, 2019, 4:38 a.m. UTC 
  Partially fixes #11808

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Cc: Stefan Schantl <stefan.schantl@ipfire.org>
---
 config/suricata/suricata.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Stefan Schantl Feb. 8, 2019, 7:33 a.m. UTC | #1 
Thanks for the patch - Merged.

Best regards,

-Stefan
> Partially fixes #11808
> 
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> Cc: Stefan Schantl <stefan.schantl@ipfire.org>
> ---
>  config/suricata/suricata.yaml | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/config/suricata/suricata.yaml
> b/config/suricata/suricata.yaml
> index 48035a67e..dd7e53584 100644
> --- a/config/suricata/suricata.yaml
> +++ b/config/suricata/suricata.yaml
> @@ -140,7 +140,7 @@ app-layer:
>      tls:
>        enabled: yes
>        detection-ports:
> -        dp: 443
> +        dp: "[443,465,993,995]"
>  
>        # Completely stop processing TLS/SSL session after the
> handshake
>        # completed. If bypass is enabled this will also trigger flow
diff mbox series

Patch

diff --git a/config/suricata/suricata.yaml b/config/suricata/suricata.yaml
index 48035a67e..dd7e53584 100644
--- a/config/suricata/suricata.yaml
+++ b/config/suricata/suricata.yaml
@@ -140,7 +140,7 @@  app-layer:
     tls:
       enabled: yes
       detection-ports:
-        dp: 443
+        dp: "[443,465,993,995]"
 
       # Completely stop processing TLS/SSL session after the handshake
       # completed. If bypass is enabled this will also trigger flow