Bug 12507 - Suricata: Enable JA3 support
Summary: Suricata: Enable JA3 support
Status: CLOSED WONTFIX
Alias: None
Product: IPFire
Classification: Unclassified
Component: ---
Version: 2
Hardware: all All
: Will affect most users Minor Usability
Assignee: Stefan Schantl
QA Contact: Peter Müller
URL:
Keywords: Security
Depends on: 12536
Blocks: SURICATA2.0
 
Reported: 2020-10-21 11:18 UTC by Peter Müller
Modified: 2021-10-25 18:28 UTC
Description Peter Müller 2020-10-21 11:18:07 UTC
I have stumbled across this a while ago and it slipped my mind.

Since some people in our community noticed missing JA3 support as well - which is required for some rather new rulesets, particularly those provided by abuse.ch - I am creating this ticket as a reminder for myself.

See also: https://community.ipfire.org/t/suricata-service-fails-errcode-sc-warn-ja3-disabled-309/3470
Comment 1 Stefan Schantl 2020-10-27 09:50:16 UTC
Patch has been sent to the development mailing list:

https://patchwork.ipfire.org/patch/3612/
Comment 2 Peter Müller 2020-10-27 14:36:02 UTC
@Stefan: Thanks for taking care of this. :-)
Comment 4 Michael Tremer 2020-11-19 11:53:39 UTC
Does not work, see bug 12536.
Comment 5 Michael Tremer 2021-10-25 18:28:17 UTC
I think we can close this because JA3 requires NSS, which we won't package for IPFire. Future versions of Suricata will replace this part and use Rust, so the dependency on NSS will go away eventually.