Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JA3 hash computation and filtration #2052

Open
krizhanovsky opened this issue Feb 2, 2024 · 0 comments
Open

JA3 hash computation and filtration #2052

krizhanovsky opened this issue Feb 2, 2024 · 0 comments
Labels
enhancement security TLS Tempesta TLS module and related issues
Milestone
1.1: TBD

Comments

@krizhanovsky
Copy link
Contributor

krizhanovsky commented Feb 2, 2024
edited

Motivation

JA3 is a popular client identification, including for DDoS mitigation. Also required for #1381.

Scope

Compute the JA3 hash on the Tempesta TLS layer and implement a rate limiter for each of the JA3 hash. This must be an on-the-fly reconfigurable option, proposed configuration format:

ja3 {
    <hash value> <connections per second> <TLS records per second>;
}

e.g. (0 unlimited, default):

ja3 {
    e7d705a3286e19ea42f587b344ee6865 0 10;
    6734f37431670b3ab4292b8f60f29984 10 100;
}

Multi-layer JA4 hashes

UPDATE ja4 provides hashes for TCP, TLS, HTTP and even destination measures, so we should move with ja4 and configure which layers should be computed with the hash.

Testing

Please write a test or create a new testing issue for this.

Documentation

Update https://tempesta-tech.com/knowledge-base/Tempesta-TLS/ .
@krizhanovsky krizhanovsky added enhancement security TLS Tempesta TLS module and related issues labels Feb 2, 2024
@krizhanovsky krizhanovsky added this to the 1.1: TBD milestone Feb 2, 2024
@krizhanovsky krizhanovsky changed the title JA3 hash comutation and filtration by ja3 hash JA3 hash comutation and filtration Feb 3, 2024
@krizhanovsky krizhanovsky changed the title JA3 hash comutation and filtration JA3 hash computation and filtration May 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement security TLS Tempesta TLS module and related issues
Projects
None yet
Milestone
1.1: TBD
Development

No branches or pull requests
1 participant
@krizhanovsky