Quantalytics / pulledpork

Automatically exported from code.google.com/p/pulledpork
GNU General Public License v2.0

Latest SVN (0.5.1) will not disable a particular rule #58

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. add pcre:ssl_version to disablesid.conf; OR
2. add 1:17748 to disablesid.conf
3.

What is the expected output? What do you see instead?
I would expect the following rule to be disabled - it isn't:

alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"WEB-MISC TLSv1 Client_Certificate handshake"; flow:established, to_server; ssl_version:tls1.0; content:"|16 03 01|"; depth:3; content:"|0B|"; depth:1; offset:5; flowbits:set,tlsv1.client_hello.certificate; flowbits:noalert; metadata:service http; classtype:protocol-command-decode; sid:17748; rev:1;)

What version of the product are you using? On what operating system?
0.5.1 (latest SVN - pulled 5 mins ago) on CentOS5

Please provide any additional information below.

Original issue reported on code.google.com by stickfo...@gmail.com on 14 Jan 2011 at 9:26

GoogleCodeExporter commented 9 years ago
It is likely that this flowbit is required by another rule that is still 
enabled, thus PP re-enables it. Can you provide your config files for testing 
and I'll validate this.

Original comment by Cummin...@gmail.com on 14 Jan 2011 at 9:30
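
The flowbit dependency described in the reply above can be checked against a ruleset before editing disablesid.conf. The sketch below is an added example, not part of the original thread and not PulledPork's own code; the rules with sids 1000001 and 1000002 are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample ruleset: the first rule is the one quoted in the issue;
# sids 1000001 and 1000002 are hypothetical dependent rules made up for this example.
RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"WEB-MISC TLSv1 Client_Certificate handshake"; flow:established, to_server; ssl_version:tls1.0; content:"|16 03 01|"; depth:3; content:"|0B|"; depth:1; offset:5; flowbits:set,tlsv1.client_hello.certificate; flowbits:noalert; metadata:service http; classtype:protocol-command-decode; sid:17748; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"EXAMPLE constructed dependent rule"; flow:established, to_server; flowbits:isset,tlsv1.client_hello.certificate; content:"|00 01|"; sid:1000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"EXAMPLE constructed disabled rule"; flowbits:isset,tlsv1.client_hello.certificate; sid:1000002; rev:1;)
'''

SETTERS = {"set", "setx", "toggle"}      # flowbits operations that can turn a bit on
CHECKERS = {"isset", "isnotset"}         # flowbits operations that test a bit
FLOWBITS = re.compile(r'flowbits\s*:\s*(\w+)\s*(?:,\s*([^;,]+))?')
SID = re.compile(r'\bsid\s*:\s*(\d+)\s*;')

def parse(text):
    """Return {sid: {"enabled", "sets", "checks"}} for each rule line."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        enabled = not line.startswith("#")   # a commented-out rule is disabled
        body = line.lstrip("# ")
        sid = SID.search(body)
        if not sid or "(" not in body:
            continue
        sets, checks = set(), set()
        for op, names in FLOWBITS.findall(body):
            bits = {b.strip() for b in re.split(r"[&|]", names) if b.strip()}
            if op in SETTERS:
                sets |= bits
            elif op in CHECKERS:
                checks |= bits
        rules[int(sid.group(1))] = {"enabled": enabled, "sets": sets, "checks": checks}
    return rules

def blockers(rules, sid):
    """Enabled rules that test a flowbit set by `sid`, keyed by dependent sid."""
    wanted = rules[sid]["sets"]
    return {s: sorted(r["checks"] & wanted) for s, r in rules.items()
            if s != sid and r["enabled"] and r["checks"] & wanted}

if __name__ == "__main__":
    for dep, bits in blockers(parse(RULES), 17748).items():
        print(f"sid {dep} is enabled and checks {bits}; sid 17748 must stay enabled")
```

An empty result from `blockers` means no enabled rule in the parsed set tests a flowbit that the target sid sets.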

GoogleCodeExporter commented 9 years ago
Verified this is not a bug

Original comment by Cummin...@gmail.com on 19 Jan 2011 at 6:43