I recently ran across this passage in the documentation, which implies that setting “encryption-handling: bypass” would make Heartbleed attacks invisible to Suricata.
I’m not very concerned about Heartbleed specifically, since a patch has been available for a long time. However, I’m curious about what other things might be missed with that setting enabled.
Are there other known attacks that would be made invisible by bypassing encryption handling?