Recognize TLS 1.3 negotiation correctly.

The way in which TLS 1.3 is negotiated was changed slightly in later
revisions of the standard. The final version is only sent in an
extension - while the version field in the server hello still shows TLS
1.2.

This patch makes ssl.log show the correct version again.

testing/btest/scripts/base/protocols/ssl/tls13-experiment.test

@@ -8,6 +8,9 @@
 #
 # This only seems to happen with Chrome talking to google servers. We do not recognize this as
 # TLS 1.3, but we do not abort when encountering traffic like this.
+#
+# In the meantime this way of establishing TLS 1.3 was standardized. Still keeping the test even
+# though we parse this correctly now.
 
 event ssl_extension(c: connection, is_orig: bool, code: count, val: string)
 	{

testing/btest/scripts/base/protocols/ssl/tls13-version.test

@@ -0,0 +1,4 @@
+# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+
+# Test that we correctly parse the version out of the extension in an 1.3 connection