doc: Add ssl_state doc

author Andi <andi@geekosphere.org>

Thu, 31 Dec 2015 21:12:42 +0000 (22:12 +0100)

committer Victor Julien <victor@inliniac.net>

Wed, 28 Sep 2016 11:11:10 +0000 (13:11 +0200)
author Andi <andi@geekosphere.org>
Thu, 31 Dec 2015 21:12:42 +0000 (22:12 +0100)
committer Victor Julien <victor@inliniac.net>
Wed, 28 Sep 2016 11:11:10 +0000 (13:11 +0200)
diff --git a/doc/sphinx/rules/tls-keywords.rst b/doc/sphinx/rules/tls-keywords.rst

index 5e891a68f64c2369e4013224fcc8a1c916126c6e..5ff137de43651c9d1ece668230442d3c583620ec 100644 (file)
--- a/doc/sphinx/rules/tls-keywords.rst
+++ b/doc/sphinx/rules/tls-keywords.rst
@@ -1,4 +1,4 @@
-TLS Keywords
+SSL/TLS Keywords
  ============
  
  Suricata comes with several rule keywords to match on various properties of TLS/SSL handshake. Matches are string inclusion matches.
@@ -68,3 +68,12 @@ tls.store
  store TLS/SSL certificate on disk
  
  Support added in Suricata version 1.4.
+
+ssl_state
+---------
+
+The ``ssl_state`` keyword matches the state of the SSL connection. The possible states
+are ``client_hello``, ``server_hello``, ``client_keyx``, ``server_keyx`` and ``unknown``.
+You can specify several states with ``|`` (OR) to check for any of the specified states.
+
+Negation support is not available yet, see https://redmine.openinfosecfoundation.org/issues/1231
author	Andi <andi@geekosphere.org>
	Thu, 31 Dec 2015 21:12:42 +0000 (22:12 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 28 Sep 2016 11:11:10 +0000 (13:11 +0200)