Actions
Bug #2060
closedlua rules not compatible with new tls_* keywords
Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:
Description
By running suricata on the provided pcap and rules, we have alerts with the signature with SID 1.
suricata -r tls.pcap -k none -l log/ -S tls-no-lua.rules
When using the second signature in the file (using the old style tls.subject keyword), then we have no alert.
Files
Updated by Eric Leblond about 7 years ago
- Target version set to 3.2.2
This is corrected in master after https://github.com/inliniac/suricata/commit/4ae4fd08024e2a5369cf785e8597a2afbd9a6bc2 (lua: use tls_generic list for ssl/tls) but this is part of a important rewrite so a different fix has to be found for 3.2.x branch.
Updated by Victor Julien almost 7 years ago
- Assignee changed from Eric Leblond to OISF Dev
- Target version changed from 3.2.2 to 70
Ok, thanks!
Updated by Victor Julien almost 7 years ago
- Status changed from New to Closed
- Assignee deleted (
OISF Dev) - Target version deleted (
70)
Fixing this in 3.2 is too complicated. 4.0 is almost out, so ppl who need this can use that.
Actions