Ssp_ssl: Invalid Client HELLO after Server HELLO Detected
-
Hi,
I have read so much info and many different suggestions as to why my Snort is displaying false positives. I have got the
Define SSL_IGNORE = 443 465 563 636 989 990 992 993 994 995
but I am still getting alert messages inbound and outbound displaying the error "ssp_ssl: Invalid Client HELLO after Server HELLO Detected"
I can't find a way around it?
-
Have the same problem and even after adding:
suppress gen_id 137, sig_id 1
the alerts won't be in the alert list, but the IPs are getting blocked by Snort…
-
Check this video tutorial for Snort rule suppress
https://www.youtube.com/watch?v=uQ7OrxtiAes
-
Hi Marcelloc,
Thanks for your answer, but I did exactly that. I have several other suppressions and they work properly; they don't show up in the alert list and they don't get blocked…
With this one they don't show up in the alert list, but they get blocked(?)