From d9633ac6e927a82a98b126667de19283900a4eff Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj
Date: Fri, 26 Apr 2024 12:58:29 +0530
Subject: [PATCH] tls/random: improve rules w direction
---
 tests/tls/tls-random/test.rules | 12 ++++++------
 tests/tls/tls-random/test.yaml | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/tests/tls/tls-random/test.rules b/tests/tls/tls-random/test.rules
index 0b82f2c07..0fa10f220 100644
--- a/tests/tls/tls-random/test.rules
+++ b/tests/tls/tls-random/test.rules
@@ -1,7 +1,7 @@
-alert tls any any -> any any (msg:"Test tls.random option CLIENT HELLO"; tls.random; content:"|94 2d 1f ef 57 5d 77 02 07 c2 9d be 24 01 cc f0 5d cd e1 d2 a5 86 9c 4a 3e ee 38 db 55 1a d9 bc|"; sid:1;)
-alert tls any any -> any any (msg:"Test tls.random option SERVER HELLO"; tls.random; content:"|54 f9 fc 15 77 e4 33 d3 2d a8 2e 9d 38 89 7d 5a 26 28 bf b0 98 51 da d9 bd 03 f8 af a2 09 a4 f0|"; sid:2;)
-alert tls any any -> any any (msg:"Test tls.random_time option CLIENT HELLO"; tls.random_time; content:"|94 2d 1f ef|"; sid:3;)
-alert tls any any -> any any (msg:"Test tls.random_time option SERVER HELLO"; tls.random_time; content:"|54 f9 fc 15|"; sid:4;)
-alert tls any any -> any any (msg:"Test tls.random_data option CLIENT HELLO"; tls.random_bytes; content:"|57 5d 77 02 07 c2 9d be 24 01 cc f0 5d cd e1 d2 a5 86 9c 4a 3e ee 38 db 55 1a d9 bc|"; sid:5;)
-alert tls any any -> any any (msg:"Test tls.random_data option SERVER HELLO"; tls.random_bytes; content:"|77 e4 33 d3 2d a8 2e 9d 38 89 7d 5a 26 28 bf b0 98 51 da d9 bd 03 f8 af a2 09 a4 f0|"; sid:6;)
+alert tls any any -> any any (msg:"Test tls.random option CLIENT HELLO"; flow:established,to_server; tls.random; content:"|94 2d 1f ef 57 5d 77 02 07 c2 9d be 24 01 cc f0 5d cd e1 d2 a5 86 9c 4a 3e ee 38 db 55 1a d9 bc|"; sid:1;)
+alert tls any any -> any any (msg:"Test tls.random option SERVER HELLO"; flow:established,to_client; tls.random; content:"|54 f9 fc 15 77 e4 33 d3 2d a8 2e 9d 38 89 7d 5a 26 28 bf b0 98 51 da d9 bd 03 f8 af a2 09 a4 f0|"; sid:2;)
+alert tls any any -> any any (msg:"Test tls.random_time option CLIENT HELLO"; flow:established,to_server; tls.random_time; content:"|94 2d 1f ef|"; sid:3;)
+alert tls any any -> any any (msg:"Test tls.random_time option SERVER HELLO"; flow:established,to_client; tls.random_time; content:"|54 f9 fc 15|"; sid:4;)
+alert tls any any -> any any (msg:"Test tls.random_data option CLIENT HELLO"; flow:established,to_server; tls.random_bytes; content:"|57 5d 77 02 07 c2 9d be 24 01 cc f0 5d cd e1 d2 a5 86 9c 4a 3e ee 38 db 55 1a d9 bc|"; sid:5;)
+alert tls any any -> any any (msg:"Test tls.random_data option SERVER HELLO"; flow:established,to_client; tls.random_bytes; content:"|77 e4 33 d3 2d a8 2e 9d 38 89 7d 5a 26 28 bf b0 98 51 da d9 bd 03 f8 af a2 09 a4 f0|"; sid:6;)
diff --git a/tests/tls/tls-random/test.yaml b/tests/tls/tls-random/test.yaml
index f441c18e4..e50facbb9 100644
--- a/tests/tls/tls-random/test.yaml
+++ b/tests/tls/tls-random/test.yaml
@@ -1,5 +1,5 @@
 requires:
- min-version: 7
+ min-version: 8
 args:
 - -k none
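Review bot: In the test.rules hunk, the msg text on sids 5 and 6 still reads "Test tls.random_data option …" although the keyword those two rules use is `tls.random_bytes`, so an alert raised by this test names an option the rule does not contain. Both lines are rewritten here anyway, so the msg could be aligned with the keyword: `msg:"Test tls.random_bytes option CLIENT HELLO";` and `msg:"Test tls.random_bytes option SERVER HELLO";`. The checks section of test.yaml is not visible in this patch; if it filters on msg rather than sid, the expected strings there would need the same rename. Separately, the description does not say why the `flow:established,to_server` / `to_client` constraints come with raising min-version from 7 to 8; a one-line comment in test.yaml giving the reason would help anyone backporting or triaging a failure on an older branch.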