Actions
Feature #2269
openTLS: tls.version: allow negation or comparison
Effort:
low
Difficulty:
low
Label:
Description
According to the documentation it is possible to match on “1.0”, “1.1”, “1.2” with tls.version (http://suricata.readthedocs.io/en/latest/rules/tls-keywords.html).
I propose to
a) allow negation for this keyword, i.e. alert on all version that are NOT 1.2 for example
or
b) allow some kind of comparison with >, <, <=, >= (with would probably need some ordered table with the versions, as the version can also be SSL.
Also (at least in the case of b)) there should be a solution to cover tls.version "UNDETERMINED"
Updated by Andreas Herz over 4 years ago
- Assignee set to Anonymous
- Target version set to TBD
Updated by Victor Julien about 4 years ago
- Effort set to low
- Difficulty set to low
Updated by Philippe Antoine over 1 year ago
- Status changed from New to In Review
Updated by Philippe Antoine about 1 year ago
- Target version changed from TBD to 7.0rc1
Actions