Suricata tls-log for analysis async-oneside

Help
1

When I set stream.async-oneside=true in suricata.yaml ,it work for detecting one-direction traffic, alert log file will record the hit event, but can’t output the tls.log which can be set in suricata.yaml
tls-log config

Is it possible to change any source code make suricata can analysis unidirection flow and log output in tls.log file

env: ubuntu-20.04 suricata-5.0.3

2

When I set following config,it work but missing some value. ssl_version、subject_dn、issuer_dn、serialnumber are all missing only SNI is correct.

midstream = true
async-oneside = true

3

I have solved this question by modify following source code in suricata-5.0.4

  1. [app-layer.c] line 429~431 need to be remark、line 444~449 need to be remark
  2. [app-layer-ssl.c] line 1428 break need to be remark
  3. [output-json-tls.c] line 169~171 add tls_version function
  4. [log-tlslog.c] line 369 、line 439 add tls_version function
4

Can you share the changes you have made to address this issue? Ideally in a github pull request?

5

OK~
When I have time, I will do it.

6

Can you please share the changes you made. I am hitting the same issue, you described above.

7

Victor,

were you or anyone was able to incorporate these changes in newer Suricata Version? I am facing similar issue.

8

No. It would be great if someone would make a proper PR and such.