From: Mats Klepsland Date: Mon, 29 Oct 2018 22:03:08 +0000 (+0100) Subject: userguide: add documentation for ssl_version keyword X-Git-Tag: suricata-4.1.0~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=be8c06adfdcd362052181e2d6f9dafa0d807f9c5;p=thirdparty%2Fsuricata.git userguide: add documentation for ssl_version keyword --- diff --git a/doc/userguide/rules/tls-keywords.rst b/doc/userguide/rules/tls-keywords.rst index 01517e5025..4afbb88d25 100644 --- a/doc/userguide/rules/tls-keywords.rst +++ b/doc/userguide/rules/tls-keywords.rst @@ -133,6 +133,25 @@ Examples:: The first example matches TLSv1.2, whilst the last example matches TLSv1.3 draft 16. +ssl_version +----------- + +Match version of SSL/TLS record. + +Supported values "sslv2", "sslv3", "tls1.0", "tls1.1", "tls1.2", "tls1.3" + +Example:: + + alert tls any any -> any any (msg:"match TLSv1.2"; \ + ssl_version:tls1.2; sid:200030;) + +It is also possible to match on several versions at the same time. + +Example:: + + alert tls any any -> any any (msg:"match SSLv2 and SSLv3"; \ + ssl_version:sslv2,sslv3; sid:200031;) + tls.subject -----------
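Review bot: In the new ssl_version section of tls-keywords.rst, the multi-version example reads as if both versions must match: the prose says "match on several versions at the same time" and the rule message says "match SSLv2 and SSLv3". A record carries a single version, so the comma-separated list can only mean "any of". Suggest stating that explicitly, for example "It is also possible to match on any of several versions by separating them with commas", and changing the message to "match SSLv2 or SSLv3". Two smaller points in the same hunk: "Supported values" has no colon or closing period and the values are not marked up as literals, and the section does not say how ssl_version differs from the version keyword documented just above it (whose context line mentions matching TLSv1.2 and TLSv1.3 draft 16). One sentence on when to use which would help rule writers, and it would also show whether a TLS 1.3 draft can be matched with this keyword.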