Suricata cannot detect tls.sni from overlong TLS packets

Suricata 4.1.3 cannot detect tls.sni from overlong TLS1.3 packets, but version 7.0.2 can. Does anyone know which patch solves this problem?

Suricata 4 has been EOL for a very long time, and Suricata 6 will be EOL this year as well, so proceed with Suricata 7.
Keep in mind old versions also lack several security fixes.
Make sure to update to current supported stable versions; we don’t support such old versions.


Hello,
As per my knowledge, Suricata 4.1.3 cannot detect tls.sni from overlong TLS1.3 packets, but version 7.0.2 can. The issue is resolved by patches and updates included in the newer versions.

To address this, update to the latest version of Suricata. This will include the necessary fixes and improvements. If updating is not an option, check the Suricata changelog and GitHub repository for specific patches related to TLS1.3 packet handling between these versions.
I hope this will help you,
Thank you