Add TLS 1.3 fix and testcase.

It turns out that Chrome supports an experimental mode to support TLS 1.3, which uses a non-standard way to negotiate TLS 1.3 with a server. This non-standard way to negotiate TLS 1.3 breaks the current draft RFC and re-uses an extension on the server-side with a different binary formatting, causing us to throw a binpac exception. This patch ignores the extension when sent by the server, continuing to correctly parse the server_hello reply (as far as possible). From what I can tell this seems to be google working around the fact that MITM equipment cannot deal with TLS 1.3 server hellos; this change makes the fact that TLS 1.3 is used completely opaque unless one looks into a few extensions. We currently log this as TLS 1.2.
2025-10-14 20:48:21 +00:00 · 2017-09-09 22:25:49 -07:00 · 2017-09-09 22:25:49 -07:00 · 1ede6bf7fe
commit 1ede6bf7fe
parent 5efaaf1368
5 changed files with 33 additions and 1 deletions
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls13-experiment/.stdout
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls13-experiment/.stdout
@ -0,0 +1 @@
+7e01
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.tls13-experiment/ssl.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.tls13-experiment/ssl.log
@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	ssl
+#open	2017-09-10-05-23-15
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	version	cipher	curve	server_name	resumed	last_alert	next_protocol	established	cert_chain_fuids	client_cert_chain_fuids	subject	issuer	client_subject	client_issuer
+#types	time	string	addr	port	addr	port	string	string	string	string	bool	string	string	bool	vector[string]	vector[string]	string	string	string	string
+1505019126.007778	CHhAvVGS1DHFjwGM9	192.168.0.2	62873	104.196.219.53	443	TLSv12	TLS_AES_128_GCM_SHA256	x25519	tls.ctf.network	T	-	-	T	-	-	-	-	-	-
+#close	2017-09-10-05-23-16