Merge remote-tracking branch 'origin/topic/johanna/tls_early_alert'

* origin/topic/johanna/tls_early_alert:
  Extend ssl dpd signature to allow alert before server_hello.

BIT-1496 #merged

scripts/base/protocols/ssl/dpd.sig

@@ -1,7 +1,7 @@
 signature dpd_ssl_server {
   ip-proto == tcp
   # Server hello.
-  payload /^(\x16\x03[\x00\x01\x02\x03]..\x02...\x03[\x00\x01\x02\x03]|...?\x04..\x00\x02).*/
+  payload /^((\x15\x03[\x00\x01\x02\x03]....)?\x16\x03[\x00\x01\x02\x03]..\x02...\x03[\x00\x01\x02\x03]|...?\x04..\x00\x02).*/
   requires-reverse-signature dpd_ssl_client
   enable "ssl"
   tcp-state responder

testing/btest/Baseline/scripts.base.protocols.ssl.dpd/.stdout

@@ -6,3 +6,5 @@ Client hello, 192.150.187.164, 194.127.84.106, 769
 Client hello, 192.150.187.164, 194.127.84.106, 769
 Start test run
 Client hello, 10.0.0.80, 68.233.76.12, 771
+Start test run
+Client hello, 192.168.6.217, 67.207.128.99, 771

testing/btest/scripts/base/protocols/ssl/dpd.test

@@ -1,6 +1,7 @@
 # @TEST-EXEC: bro -C -b -r $TRACES/tls/ssl-v2.trace %INPUT
 # @TEST-EXEC: bro -b -r $TRACES/tls/ssl.v3.trace %INPUT
 # @TEST-EXEC: bro -b -r $TRACES/tls/tls1.2.trace %INPUT
+# @TEST-EXEC: bro -b -r $TRACES/tls/tls-early-alert.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout
 
 @load base/frameworks/dpd