-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Decouple stream bypass from TLS encrypted bypass v3 #11801
Decouple stream bypass from TLS encrypted bypass v3 #11801
Conversation
Decouple app.protocols.tls.encryption-handling and stream.bypass. There's no apparent reason why encrypted TLS bypass traffic should depend on stream bypass, as these are unrelated features. Ticket: 6788
NOTE: This PR may contain new authors. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #11801 +/- ##
=========================================
Coverage ? 82.59%
=========================================
Files ? 919
Lines ? 249030
Branches ? 0
=========================================
Hits ? 205675
Misses ? 43355
Partials ? 0
Flags with carried forward coverage won't be shown. Click here to find out more. |
Awesome, thank you for picking this up. |
WARNING:
Pipeline 22744 |
I believe this is due to SSH connections not being bypassed, if the config has stream bypass configured then SSH encryption handling setting would also need to be changed to |
Do I understand that this PR is changing the default behavior ? |
Changed defaults in #11831 |
Following up on #10464
Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6788
Describe changes:
encryption-handling
allowing to choose whether to continue inspection on SSH once it turns encryptedSV_BRANCH=OISF/suricata-verify#2047