From 8ff05bae1bef5d834e269653d0360ec32a17c4a1 Mon Sep 17 00:00:00 2001
From: Johanna Amann
Date: Wed, 20 Jan 2021 14:14:47 +0000
Subject: [PATCH] Update SSL consts

There have been a bunch of mostly TLS 1.3 related changes.
---
 scripts/base/protocols/ssl/consts.zeek | 36 +++++++++++++++++++-------
 1 file changed, 26 insertions(+), 10 deletions(-)

diff --git a/scripts/base/protocols/ssl/consts.zeek b/scripts/base/protocols/ssl/consts.zeek
index 0b642ecdd7..fb11ca22b5 100644
--- a/scripts/base/protocols/ssl/consts.zeek
+++ b/scripts/base/protocols/ssl/consts.zeek
@@ -167,7 +167,7 @@ export {
 const SSL_EXTENSION_TOKEN_BINDING = 24;
 const SSL_EXTENSION_CACHED_INFO = 25;
 const SSL_EXTENSION_SESSIONTICKET_TLS = 35;
- const SSL_EXTENSION_KEY_SHARE = 40;
+ const SSL_EXTENSION_KEY_SHARE_OLD = 40;
 const SSL_EXTENSION_PRE_SHARED_KEY = 41;
 const SSL_EXTENSION_EARLY_DATA = 42;
 const SSL_EXTENSION_SUPPORTED_VERSIONS = 43;
@@ -176,6 +176,14 @@ export {
 const SSL_EXTENSION_TICKETEARLYDATAINFO = 46;
 const SSL_EXTENSION_CERTIFICATE_AUTHORITIES = 47;
 const SSL_EXTENSION_OID_FILTERS = 48;
+ const SSL_EXTENSION_POST_HANDSHAKE_AUTH = 49;
+ const SSL_EXTENSION_SIGNATURE_ALGORITHMS_CERT = 50;
+ const SSL_EXTENSION_KEY_SHARE = 51;
+ const SSL_EXTENSION_TRANSPARENCY_INFO = 52;
+ const SSL_EXTENSION_CONNECTION_ID = 53;
+ const SSL_EXTENSION_EXTERNAL_ID_HASH = 55;
+ const SSL_EXTENSION_EXTERNAL_SESSION_ID = 56;
+ const SSL_EXTENSION_QUIC_TRANSPORT_PARAMETERS = 57;
 const SSL_EXTENSION_NEXT_PROTOCOL_NEGOTIATION = 13172;
 const SSL_EXTENSION_ORIGIN_BOUND_CERTIFICATES = 13175;
 const SSL_EXTENSION_ENCRYPTED_CLIENT_CERTIFICATES = 13180;
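Review bot: `SSL_EXTENSION_KEY_SHARE` sits inside `export {` and its value moves from 40 to 51 across the first two hunks, so any site script or detection that compares an extension code against that constant will match a different code point after this commit without any error. The same shift reaches the name table in the third hunk, where 40 becomes `"key_share_old"` and 51 becomes `"key_share"`, which matters for log consumers that match on the name string rather than the number. Nothing on the new lines records this, so I would add a comment on the renamed constant, e.g. `const SSL_EXTENSION_KEY_SHARE_OLD = 40; # draft-era key_share code point; RFC 8446 uses 51`, and call the change out in the release notes. The export block starts and ends outside these hunks.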
@@ -216,15 +224,23 @@ export {
 [24] = "token_binding", # temporary till 2017-03-06 - draft-ietf-tokbind-negotiation
 [25] = "cached_info",
 [35] = "SessionTicket TLS",
- [40] = "key_share", # new for TLS 1.3; was used for extended_random before. State as of TLS 1.3 draft 16
- [41] = "pre_shared_key", # new for 1.3, state of draft-16
- [42] = "early_data", # new for 1.3, state of draft-16
- [43] = "supported_versions", # new for 1.3, state of draft-16
- [44] = "cookie", # new for 1.3, state of draft-16
- [45] = "psk_key_exchange_modes", # new for 1.3, state of draft-18
- [46] = "TicketEarlyDataInfo", # new for 1.3, state of draft-16
- [47] = "certificate_authorities", # new for 1.3, state of draft-18
- [48] = "oid_filters", # new for 1.3, state of draft-18
+ [40] = "key_share_old", # new for TLS 1.3, used in some of the drafts. Did not make it into the RFC. Was used for extended_random before.
+ [41] = "pre_shared_key", # new for 1.3, see RFC 8446
+ [42] = "early_data", # new for 1.3, see RFC 8446
+ [43] = "supported_versions", # new for 1.3, see RFC 8446
+ [44] = "cookie", # new for 1.3, see RFC 8446
+ [45] = "psk_key_exchange_modes", # new for 1.3, see RFC 8446
+ [46] = "TicketEarlyDataInfo", # new for 1.3 drafts, e.g. draft-16. Did not make it into the final RFC
+ [47] = "certificate_authorities", # new for 1.3, see RFC 8446
+ [48] = "oid_filters", # new for 1.3, see RFC 8446
+ [49] = "post_handshake_auth", # new for 1.3, see RFC 8446
+ [50] = "signature_algorithms_cert", # new for 1.3, see RFC 8446
+ [51] = "key_share", # new for 1.3, see RFC 8446
+ [52] = "transparency_info", # temporary - draft-ietf-trans-rfc6962-bis-34
+ [53] = "connection_id", # temporary -d draft-ietf-tls-dtls-connection-id
+ [55] = "external_id_hash", # temporary - RFC-ietf-mmusic-sdp-uks-07
+ [56] = "external_session_id", # temporary - RFC-ietf-mmusic-sdp-uks-07
+ [57] = "quic_transport_parameters", # temporary - draft-ietf-quic-tls-32
 [13172] = "next_protocol_negotiation",
 [13175] = "origin_bound_certificates",
 [13180] = "encrypted_client_certificates",
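Review bot: The comment on the new `[53]` entry reads `# temporary -d draft-ietf-tls-dtls-connection-id`; the stray `d` looks like a typo, and `# temporary - draft-ietf-tls-dtls-connection-id` would match the neighbouring entries. The two `RFC-ietf-mmusic-sdp-uks-07` references on `[55]` and `[56]` are written differently from the `draft-ietf-...` names used elsewhere in the table, so it is worth making them consistent so a reader can look the document up. The table's declaration and closing brace are outside the hunk.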