Project

General

Profile

Actions

Feature #713

closed

tls.fingerprint - file usage

Added by Peter Manev almost 12 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Now we can use tls.fingerprint like so -
tls.fingerprint:!"f3:40:21:48:70:2c:31:bc:b5:aa:22:ad:63:d6:bc:2e:b3:46:e2:5a";

it could beneficial if we can
tls.fingerprint:!"ssl-fingerprint.file"; where could be a file containing a list of SHA1 and/or MD5 ssl cert fingerprints.

Also if a file list is used - it is helpful if more than on rule can use the file list without the file being loaded multiple times (for each rule).


Related issues 1 (0 open1 closed)

Related to Suricata - Feature #2318: matching on large amounts of data with dynamic updatesClosedVictor JulienActions
Actions

Also available in: Atom PDF