Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Ssp_ssl: Invalid Client HELLO after Server HELLO Detected

    pfSense Packages
    3
    4
    10214
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      ANSASERVERS
      last edited by

      Hi,

      I have read so much info and many different suggestions to why my snort is display false positives. I have got the

      Define SSL_IGNORE = 443 465 563 636 989 990 992 993 994 995

      but i am still getting alert messages inbound and outbound displaying the error "ssp_ssl: Invalid Client HELLO after Server HELLO Detected"

      I carnt find a way around it?

      1 Reply Last reply Reply Quote 0
      • D
        digdug3
        last edited by

        Have the same problem and even after adding:

        suppress gen_id 137, sig_id 1

        the alerts won't be in the alert list, but the ip's are getting blocked by snort…

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          Check this Video tutorial for snort rule supress
          https://www.youtube.com/watch?v=uQ7OrxtiAes

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • D
            digdug3
            last edited by

            Hi Marcelloc,

            Thanks for your answer, but I did exactly that. I have serveral other suppressions and they work properly; they don't show up in the alert list and they don't get blocked…

            With this one they don't show up in the alert list, but they get blocked(?)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post