Bug 12507

Summary:	Suricata: Enable JA3 support
Product:	IPFire	Reporter:	Peter Müller <peter.mueller>
Component:	---	Assignee:	Stefan Schantl <stevee>
Status:	CLOSED WONTFIX	QA Contact:	Peter Müller <peter.mueller>
Severity:	Minor Usability
Priority:	Will affect most users	CC:	michael.tremer, peter.mueller, stefan.schantl, stevee
Version:	2	Keywords:	Security
Hardware:	all
OS:	All
See Also:	https://bugzilla.ipfire.org/show_bug.cgi?id=12536
Bug Depends on:	12536
Bug Blocks:	12052

Description Peter Müller 2020-10-21 11:18:07 UTC

I have stumbled across this a while ago and it slipped my mind.

Since some people in our community noticed missing JA3 support as well - which is required for some rather new rulesets, particularly those provided by abuse.ch - I create this ticket as a reminder for myself.

See also: https://community.ipfire.org/t/suricata-service-fails-errcode-sc-warn-ja3-disabled-309/3470

Comment 1 Stefan Schantl 2020-10-27 09:50:16 UTC

Patch has been sent to the development mailing list:

https://patchwork.ipfire.org/patch/3612/

Comment 2 Peter Müller 2020-10-27 14:36:02 UTC

@Stefan: Thanks for taking care of this. :-)

Comment 3 Peter Müller 2020-10-27 14:38:51 UTC

https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=0937bd9c01fd4c56fdee688e887958dc72a9b03b

Comment 4 Michael Tremer 2020-11-19 11:53:39 UTC

Does not work, see bug 12536.

Comment 5 Michael Tremer 2021-10-25 18:28:17 UTC

I think we can close this because JA3 require NSS which we won't package for IPFire. Future versions of suricata will replace this part and use Rust, so the dependency on nss will go away eventually.