--- /dev/null
+Simple test that tests a TLS 1.3 draft 18 pcap file from Wireshark issue
+tracker [1].
+
+PCAP URL:
+ https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15156
+
+[1] "12779 - Add TLS 1.3 support"
+https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12779
--- /dev/null
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+ filename: eve.json
+ types:
+ - tls:
+ extended: yes # enable this for extended logging information
+
+app-layer:
+ protocols:
+ tls:
+ enabled: yes
+ detection-ports:
+ dp: 443
+
+ # Generate JA3 fingerprint from client hello
+ ja3-fingerprints: yes
+
+ encrypt-handling: bypass
--- /dev/null
+min-version: 4.1.0
+
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ - HAVE_NSS
+
+args:
+ - -k none
+
+checks:
+
+ - filter:
+ count: 1
+ match:
+ event_type: tls
+ tls.version: "TLS 1.3 draft-18"
+ tls.ja3.hash: "23d254f72096d25c350e4a4a792f4948"
+ tls.ja3.string: "771,4865-4866-4867-49195-49199-158-49196-49200-159-52393-52392-52244-52243-49161-49187-49171-49191-51-103-49162-49188-49172-49192-57-107-156-157-47-60-53-61-10,65281-23-35-13-11-40-45-43-10,29-23-24,0"
projects / thirdparty / suricata-verify.git / commitdiff
