Add test for TLS 1.3 draft 22

diff --git a/tests/tls13-draft22/README.md b/tests/tls13-draft22/README.md
new file mode 100644 (file)
index 0000000..388c84f
--- /dev/null
+++ b/tests/tls13-draft22/README.md
@@ -0,0 +1,8 @@
+Simple test that tests a TLS 1.3 draft 22 pcap file from Wireshark issue
+tracker [1].
+
+PCAP URL:
+  https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15982
+
+[1] "12779 - Add TLS 1.3 support"
+https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12779

diff --git a/tests/tls13-draft22/suricata.yaml b/tests/tls13-draft22/suricata.yaml
new file mode 100644 (file)
index 0000000..7a29ad4
--- /dev/null
+++ b/tests/tls13-draft22/suricata.yaml
@@ -0,0 +1,25 @@
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+      filename: eve.json
+      types:
+        - tls:
+            extended: yes     # enable this for extended logging information
+
+app-layer:
+  protocols:
+    tls:
+      enabled: yes
+      detection-ports:
+        dp: 443
+
+      # Generate JA3 fingerprint from client hello
+      ja3-fingerprints: yes
+
+      encrypt-handling: bypass

diff --git a/tests/tls13-draft22/test.yaml b/tests/tls13-draft22/test.yaml
new file mode 100644 (file)
index 0000000..540221d
--- /dev/null
+++ b/tests/tls13-draft22/test.yaml
@@ -0,0 +1,20 @@
+min-version: 4.1.0
+
+requires:
+  features:
+    - HAVE_LIBJANSSON
+    - HAVE_NSS
+
+args:
+  - -k none
+
+checks:
+
+  - filter:
+      count: 1
+      match:
+        event_type: tls
+        tls.sni: "localhost"
+        tls.version: "TLS 1.3 draft-22"
+        tls.ja3.hash: "786468211b4d23f9b725987b0de9d090"
+        tls.ja3.string: "771,4865-4867,0-43-13-10-40,23,"

diff --git a/tests/tls13-draft22/tls13_draft22.pcap b/tests/tls13-draft22/tls13_draft22.pcap
new file mode 100644 (file)
index 0000000..315047b
Binary files /dev/null and b/tests/tls13-draft22/tls13_draft22.pcap differ