Ssp_ssl: Invalid Client HELLO after Server HELLO Detected
I have read so much info and many different suggestions to why my snort is display false positives. I have got the
Define SSL_IGNORE = 443 465 563 636 989 990 992 993 994 995
but i am still getting alert messages inbound and outbound displaying the error "ssp_ssl: Invalid Client HELLO after Server HELLO Detected"
I carnt find a way around it?
Have the same problem and even after adding:
suppress gen_id 137, sig_id 1
the alerts won't be in the alert list, but the ip's are getting blocked by snort…
marcelloc last edited by
Check this Video tutorial for snort rule supress
Thanks for your answer, but I did exactly that. I have serveral other suppressions and they work properly; they don't show up in the alert list and they don't get blocked…
With this one they don't show up in the alert list, but they get blocked(?)