Suricata

According to the documentation it is possible to match on “1.0”, “1.1”, “1.2” with tls.version (http://suricata.readthedocs.io/en/latest/rules/tls-keywords.html).

I propose to
a) allow negation for this keyword, i.e. alert on all version that are NOT 1.2 for example
or
b) allow some kind of comparison with >, <, <=, >= (with would probably need some ordered table with the versions, as the version can also be SSL.

Also (at least in the case of b)) there should be a solution to cover tls.version "UNDETERMINED"