userguide: add documentation for ssl_version keyword

author Mats Klepsland <mats.klepsland@gmail.com>

Mon, 29 Oct 2018 22:03:08 +0000 (23:03 +0100)

committer Victor Julien <victor@inliniac.net>

Tue, 30 Oct 2018 09:21:44 +0000 (10:21 +0100)
author Mats Klepsland <mats.klepsland@gmail.com>
Mon, 29 Oct 2018 22:03:08 +0000 (23:03 +0100)
committer Victor Julien <victor@inliniac.net>
Tue, 30 Oct 2018 09:21:44 +0000 (10:21 +0100)
diff --git a/doc/userguide/rules/tls-keywords.rst b/doc/userguide/rules/tls-keywords.rst

index 01517e50255949b1ac430a12b9ecb817d7e29625..4afbb88d2575b83dec2194644234643f15583ad8 100644 (file)
--- a/doc/userguide/rules/tls-keywords.rst
+++ b/doc/userguide/rules/tls-keywords.rst
@@ -133,6 +133,25 @@ Examples::
  The first example matches TLSv1.2, whilst the last example matches TLSv1.3
  draft 16.
  
+ssl_version
+-----------
+
+Match version of SSL/TLS record.
+
+Supported values "sslv2", "sslv3", "tls1.0", "tls1.1", "tls1.2", "tls1.3"
+
+Example::
+
+  alert tls any any -> any any (msg:"match TLSv1.2"; \
+    ssl_version:tls1.2; sid:200030;)
+
+It is also possible to match on several versions at the same time.
+
+Example::
+
+  alert tls any any -> any any (msg:"match SSLv2 and SSLv3"; \
+    ssl_version:sslv2,sslv3; sid:200031;)
+
  tls.subject
  -----------
author	Mats Klepsland <mats.klepsland@gmail.com>
	Mon, 29 Oct 2018 22:03:08 +0000 (23:03 +0100)
committer	Victor Julien <victor@inliniac.net>
	Tue, 30 Oct 2018 09:21:44 +0000 (10:21 +0100)