--- /dev/null
+Simple test that tests a TLS 1.3 draft 19 pcap file from Wireshark issue
+tracker [1].
+
+PCAP URL:
+ https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15362
+
+[1] "12779 - Add TLS 1.3 support"
+https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12779
--- /dev/null
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+ filename: eve.json
+ types:
+ - tls:
+ extended: yes # enable this for extended logging information
+
+app-layer:
+ protocols:
+ tls:
+ enabled: yes
+ detection-ports:
+ dp: 443
+
+ # Generate JA3 fingerprint from client hello
+ ja3-fingerprints: yes
+
+ encrypt-handling: bypass
--- /dev/null
+min-version: 4.1.0
+
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ - HAVE_NSS
+
+args:
+ - -k none
+
+checks:
+
+ - filter:
+ count: 1
+ match:
+ event_type: tls
+ tls.sni: "localhost"
+ tls.version: "TLS 1.3 draft-19"
+ tls.ja3.hash: "0e870cb29dd59424064948532781a7f6"
+ tls.ja3.string: "771,4866-255,0-11-10-35-13-22-23-43-45-40,29-23-25-24,0-1-2"
+
+ - filter:
+ count: 1
+ match:
+ event_type: tls
+ tls.sni: "localhost"
+ tls.version: "TLS 1.3 draft-19"
+ tls.ja3.hash: "30e5035b2d6787e7b319f75c36c438fe"
+ tls.ja3.string: "771,4866-255,0-11-10-35-13-22-23-43-45-40-42-41,29-23-25-24,0-1-2"
+
+ - filter:
+ count: 1
+ match:
+ event_type: tls
+ tls.sni: "localhost"
+ tls.version: "TLS 1.3 draft-19"
+ tls.ja3.hash: "e6ae7b5efb58894bd43d6fa73420d267"
+ tls.ja3.string: "771,49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-4866-4867-4865-61-60-53-47-255,0-11-10-35-13-22-23-43-45-40-42-41,29-23-25-24,0-1-2"
projects / thirdparty / suricata-verify.git / commitdiff
