diff --git a/doc/sphinx/convert.py b/doc/sphinx/convert.py index b750ec6f21..680d5f4e36 100755 --- a/doc/sphinx/convert.py +++ b/doc/sphinx/convert.py @@ -50,7 +50,11 @@ def main(): if line.startswith("
"):
                 inpre = True
-                line = "\n::\n\n"
+                line = line.replace("
", "\n::\n\n  ")
+                if line.find("
") > -1:
+                    print("Removing
from end of line.") + line = line.replace("", "") + inpre = False if line.startswith(""): inpre = False diff --git a/doc/sphinx/rules.rst b/doc/sphinx/rules.rst index 42b7a7fe38..88c3773741 100644 --- a/doc/sphinx/rules.rst +++ b/doc/sphinx/rules.rst @@ -16,3 +16,4 @@ Rules rule-lua-scripting adding-your-own-rules live-rule-swap + tls-keywords diff --git a/doc/sphinx/tls-keywords.rst b/doc/sphinx/tls-keywords.rst new file mode 100644 index 0000000000..57a5a80584 --- /dev/null +++ b/doc/sphinx/tls-keywords.rst @@ -0,0 +1,70 @@ +TLS-keywords +============ + +Suricata comes with several rule keywords to match on various properties of TLS/SSL handshake. Matches are string inclusion matches. + +tls.version +----------- + +Match on negotiated TLS/SSL version. + +Example values: "1.0", "1.1", "1.2" + +Support added in Suricata version 1.3. + +tls.subject +----------- + +Match TLS/SSL certificate Subject field. + +example: + + +:: + + tls.subject:"CN=*.googleusercontent.com" + +Support added in Suricata version 1.3. + +Case sensitve, can't use 'nocase'. + +tls.issuerdn +------------ + +match TLS/SSL certificate IssuerDN field + +example: + + +:: + + tls.issuerdn:!"CN=Google-Internet-Authority" + +Support added in Suricata version 1.3. + +Case sensitve, can't use 'nocase'. + +tls.fingerprint +--------------- + +match TLS/SSL certificate SHA1 fingerprint + +example: + + +:: + + tls.fingerprint:!"f3:40:21:48:70:2c:31:bc:b5:aa:22:ad:63:d6:bc:2e:b3:46:e2:5a" + +Support added in Suricata version 1.4. + +Case sensitive, can't use 'nocase'. + +The tls.fingerprint buffer is lower case so you must use lower case letters for this to match. + +tls.store +--------- + +store TLS/SSL certificate on disk + +Support added in Suricata version 1.4.