From be8c06adfdcd362052181e2d6f9dafa0d807f9c5 Mon Sep 17 00:00:00 2001 From: Mats Klepsland Date: Mon, 29 Oct 2018 23:03:08 +0100 Subject: [PATCH] userguide: add documentation for ssl_version keyword --- doc/userguide/rules/tls-keywords.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/doc/userguide/rules/tls-keywords.rst b/doc/userguide/rules/tls-keywords.rst index 01517e5025..4afbb88d25 100644 --- a/doc/userguide/rules/tls-keywords.rst +++ b/doc/userguide/rules/tls-keywords.rst @@ -133,6 +133,25 @@ Examples:: The first example matches TLSv1.2, whilst the last example matches TLSv1.3 draft 16. +ssl_version +----------- + +Match version of SSL/TLS record. + +Supported values "sslv2", "sslv3", "tls1.0", "tls1.1", "tls1.2", "tls1.3" + +Example:: + + alert tls any any -> any any (msg:"match TLSv1.2"; \ + ssl_version:tls1.2; sid:200030;) + +It is also possible to match on several versions at the same time. + +Example:: + + alert tls any any -> any any (msg:"match SSLv2 and SSLv3"; \ + ssl_version:sslv2,sslv3; sid:200031;) + tls.subject ----------- -- 2.47.2
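Review bot: In the second example the msg reads "match SSLv2 and SSLv3", but a single record carries one version, so `ssl_version:sslv2,sslv3` can only match a record with either value; suggest "match SSLv2 or SSLv3" and rewording "match on several versions at the same time" to "match any of several versions". The "Supported values" line has no terminating punctuation and would be easier to scan as an RST literal list. "Match version of SSL/TLS record." also does not say how this keyword relates to the version keyword documented just above it (whose examples cover TLSv1.2 and TLSv1.3 draft 16), so a sentence on which field each one inspects and when to prefer one over the other would help rule writers.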