Bug #8158

closed

Bug #3220: tls: ssl_version keyword negation (!) not working

tls: ssl_version keyword negation (!) not working (7.0.x backport)


Added by OISF Ticketbot 4 months ago. Updated 3 months ago.

Status: Closed
Priority: Normal

Updated by Philippe Antoine 4 months ago #1

  • Assignee changed from Philippe Antoine to OISF Dev

I do not think this needs to be backported to 7: nothing critical, an undocumented feature never worked, and this is just syntax sugar, not adding more expressivity to the rules language.

Updated by Jason Ish 4 months ago #2

Philippe Antoine wrote in #note-1:

> I do not think this needs to be backported to 7: nothing critical, an undocumented feature never worked, and this is just syntax sugar, not adding more expressivity to the rules language.

How does it fail? Does 7.0 silently accept the negation, leading the user to think that it should work? Then a backport is fine.

Or does it error out as an invalid rule? Then probably not, it's more of a feature then.

Updated by Philippe Antoine 4 months ago #3

> How does it fail? Does 7.0 silently accept the negation, leading the user to think that it should work?

yes

There are other cases where we use the opposite rule, like https://redmine.openinfosecfoundation.org/issues/8010
Suricata 8 silently accepts fragbits:M+D; leading the user to think that it should work, but it does not: it is handled as just M with trailing garbage ignored, and we do not want to backport it as existing rulesets will fail to load.

Updated by Philippe Antoine 4 months ago #4

  • Status changed from Assigned to In Review

Updated by Philippe Antoine 4 months ago #5

  • Status changed from In Review to Closed

Updated by Shivani Bhardwaj 3 months ago #6

  • Subject changed from ssl_version keyword negation (!) not working (7.0.x backport) to tls: ssl_version keyword negation (!) not working (7.0.x backport)
  • Assignee changed from OISF Dev to Philippe Antoine