From: Mats Klepsland
Date: Thu, 1 Nov 2018 22:20:40 +0000 (+0100)
Subject: Add test for TLS 1.3 draft 19
X-Git-Tag: suricata-6.0.4~485
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=80f18974c4027b78fa2037468e6f028d80aaaa42;p=thirdparty%2Fsuricata-verify.git
Add test for TLS 1.3 draft 19
---
diff --git a/tests/tls13-draft19/README.md b/tests/tls13-draft19/README.md
new file mode 100644
index 000000000..92135848e
--- /dev/null
+++ b/tests/tls13-draft19/README.md
@@ -0,0 +1,8 @@
+Simple test that tests a TLS 1.3 draft 19 pcap file from Wireshark issue
+tracker [1].
+
+PCAP URL:
+ https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15362
+
+[1] "12779 - Add TLS 1.3 support"
+https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12779
diff --git a/tests/tls13-draft19/suricata.yaml b/tests/tls13-draft19/suricata.yaml
new file mode 100644
index 000000000..7a29ad442
--- /dev/null
+++ b/tests/tls13-draft19/suricata.yaml
@@ -0,0 +1,25 @@
+%YAML 1.1
+---
+
+include: ../../etc/suricata-3.1.2.yaml
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+ filename: eve.json
+ types:
+ - tls:
+ extended: yes # enable this for extended logging information
+
+app-layer:
+ protocols:
+ tls:
+ enabled: yes
+ detection-ports:
+ dp: 443
+
+ # Generate JA3 fingerprint from client hello
+ ja3-fingerprints: yes
+
+ encrypt-handling: bypass
diff --git a/tests/tls13-draft19/test.yaml b/tests/tls13-draft19/test.yaml
new file mode 100644
index 000000000..09017bf19
--- /dev/null
+++ b/tests/tls13-draft19/test.yaml
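Review bot: In tests/tls13-draft19/suricata.yaml the last added line uses the key `encrypt-handling`, which does not look like the option Suricata's TLS parser reads; as far as I know the documented name is `encryption-handling`. If that is right, the line is silently ignored and the flow is handled in the default mode rather than bypassed, so the test does not run under the configuration it claims. Suggest `encryption-handling: bypass`, preceded by a short comment such as `# stop TLS parsing once encrypted records start; the checks only use handshake fields`.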
@@ -0,0 +1,38 @@
+min-version: 4.1.0
+
+requires:
+ features:
+ - HAVE_LIBJANSSON
+ - HAVE_NSS
+
+args:
+ - -k none
+
+checks:
+
+ - filter:
+ count: 1
+ match:
+ event_type: tls
+ tls.sni: "localhost"
+ tls.version: "TLS 1.3 draft-19"
+ tls.ja3.hash: "0e870cb29dd59424064948532781a7f6"
+ tls.ja3.string: "771,4866-255,0-11-10-35-13-22-23-43-45-40,29-23-25-24,0-1-2"
+
+ - filter:
+ count: 1
+ match:
+ event_type: tls
+ tls.sni: "localhost"
+ tls.version: "TLS 1.3 draft-19"
+ tls.ja3.hash: "30e5035b2d6787e7b319f75c36c438fe"
+ tls.ja3.string: "771,4866-255,0-11-10-35-13-22-23-43-45-40-42-41,29-23-25-24,0-1-2"
+
+ - filter:
+ count: 1
+ match:
+ event_type: tls
+ tls.sni: "localhost"
+ tls.version: "TLS 1.3 draft-19"
+ tls.ja3.hash: "e6ae7b5efb58894bd43d6fa73420d267"
+ tls.ja3.string: "771,49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-4866-4867-4865-61-60-53-47-255,0-11-10-35-13-22-23-43-45-40-42-41,29-23-25-24,0-1-2"
diff --git a/tests/tls13-draft19/tls13_draft19.pcapng b/tests/tls13-draft19/tls13_draft19.pcapng
new file mode 100644
index 000000000..4800c51c8
Binary files /dev/null and b/tests/tls13-draft19/tls13_draft19.pcapng differ
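Review bot: The three filters in tests/tls13-draft19/test.yaml each pin one handshake by its JA3 values, but nothing bounds the total number of `tls` events, so an extra record logged with a different version or fingerprint would still pass. Assuming the capture holds only these three handshakes, add a fourth filter that matches on `event_type: tls` alone with the expected total, as sketched below. A one-line comment above the checks would also help readers: the leading `771` in each `tls.ja3.string` is the ClientHello legacy version (0x0303), which is why it does not reflect the `TLS 1.3 draft-19` value asserted in `tls.version`.

```yaml
checks:

  # … unchanged: the three per-fingerprint filters …

  # Total TLS records expected from the capture (assumed to be three; confirm against the pcap).
  - filter:
      count: 3
      match:
        event_type: tls
```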