Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 05:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/scripts
History
Johanna Amann 1ede6bf7fe Add TLS 1.3 fix and testcase. 
It turns out that Chrome supports an experimental mode to support TLS
1.3, which uses a non-standard way to negotiate TLS 1.3 with a server.
This non-standard way to negotiate TLS 1.3 breaks the current draft RFC
and re-uses an extension on the server-side with a different binary
formatting, causing us to throw a binpac exception.

This patch ignores the extension when sent by the server, continuing to
correctly parse the server_hello reply (as far as possible).

From what I can tell this seems to be google working around the fact
that MITM equipment cannot deal with TLS 1.3 server hellos; this change
makes the fact that TLS 1.3 is used completely opaque unless one looks
into a few extensions.

We currently log this as TLS 1.2.
2017-09-09 22:25:49 -07:00
..
base Add TLS 1.3 fix and testcase. 2017-09-09 22:25:49 -07:00
policy OCSP/TLS/SCT: Fix a number of test failures. 2017-05-06 08:01:20 -07:00
site Update local-compat test for 2.5 2016-08-17 10:38:18 -07:00
check-test-all-policy.bro Reorganizing btest/policy directory to match new scripts/ organization 2011-08-11 10:43:11 -05:00