[Oisf-users] Suricata 4.1.5 - unable to complete certain TLS connections

Davide Setti d.setti at certego.net
Mon Oct 21 07:39:19 UTC 2019


Hi Nuno,

I believe that the reason is your modifysid:

> modifysid emerging-trojan.rules "^alert" | "drop"


since you are telling Suricata to drop every time a rule matches. This may
cause problems, especially with encrypted traffic, since some rules match
against 2 or 3 bytes.
Are there any logs of type alert when you experience this issue?

Regards,
Davide
-- 
<http://www.certego.net/>
Davide Setti
Security Platform Lead Engineer, Certego
<http://www.linkedin.com/company/certego>  <http://twitter.com/Certego_IRT>
<http://github.com/certego>  <http://www.youtube.com/CERTEGOsrl>
<http://plus.google.com/117641917176532015312>
Use of the information within this document constitutes acceptance for use
in an "as is" condition. There are no warranties with regard to this
information; Certego has verified the data as thoroughly as possible. Any
use of this information lies within the user's responsibility. In no event
shall Certego be liable for any consequences or damages, including direct,
indirect, incidental, consequential, loss of business profits or special
damages, arising out of or in connection with the use or spread of this
information.
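One defender-side check for the concern raised above, added here as an example and not code from the thread or from Suricata: a Python script that lists the enabled alert rules in a rules file whose longest content: match is 3 bytes or fewer, so they can be reviewed before a blanket modifysid turns them into drop rules. The sample rules and the 3-byte threshold are constructed for the demonstration.

```python
import re

# The content: keyword of a Suricata rule, including the negated form content:!"..."
CONTENT_RE = re.compile(r'content:\s*!?\s*"((?:[^"\\]|\\.)*)"')
# A hex run inside pipes, e.g. |16 03|, which is one byte per hex pair
HEX_RE = re.compile(r'\|([0-9A-Fa-f\s]+)\|')

def content_length(pattern):
    """Number of bytes a content: pattern must match on the wire.
    Text outside pipes counts one byte per character (backslash escapes
    such as \\" and \\; count once); hex runs count one byte per pair."""
    total, pos = 0, 0
    for m in HEX_RE.finditer(pattern):
        total += len(re.sub(r'\\(.)', r'\1', pattern[pos:m.start()]))
        total += len(m.group(1).split())
        pos = m.end()
    total += len(re.sub(r'\\(.)', r'\1', pattern[pos:]))
    return total

def find_short_match_rules(rules_text, max_bytes=3):
    """Return (sid, msg, longest_content_bytes) for each enabled alert rule whose
    longest content: match is at most max_bytes. A rule with no content: at all
    (pcre- or flow-only) is reported with length 0, since it is just as risky
    to convert to drop on encrypted traffic."""
    hits = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line.startswith("alert"):
            continue  # comments, disabled (#alert) rules and non-alert actions are skipped
        longest = max((content_length(p) for p in CONTENT_RE.findall(line)), default=0)
        if longest > max_bytes:
            continue
        sid = re.search(r'sid:\s*(\d+)', line)
        msg = re.search(r'msg:\s*"([^"]*)"', line)
        hits.append((int(sid.group(1)) if sid else -1, msg.group(1) if msg else "", longest))
    return hits

# Constructed sample rules for the demonstration; not taken from emerging-trojan.rules.
SAMPLE_RULES = r'''
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE two-byte prefix"; flow:established,to_server; content:"|16 03|"; depth:2; sid:9000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE long uri"; flow:established,to_server; content:"GET /gate.php?id="; http_uri; sid:9000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE mixed short"; content:"ab|00|"; content:"|ff|"; sid:9000003; rev:1;)
#alert tcp any any -> any any (msg:"SAMPLE disabled"; content:"x"; sid:9000004; rev:1;)
'''

if __name__ == "__main__":
    for sid, msg, longest in find_short_match_rules(SAMPLE_RULES):
        print(f"review before drop: sid {sid} ({msg}) longest content match = {longest} bytes")
```

Run it against the real rules file (read the file into rules_text) to get the list of sids to exclude from, or leave as alert before, the modifysid conversion.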