Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 11:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/scripts/base
History
Johanna Amann 1ede6bf7fe Add TLS 1.3 fix and testcase. 
It turns out that Chrome supports an experimental mode to support TLS
1.3, which uses a non-standard way to negotiate TLS 1.3 with a server.
This non-standard way to negotiate TLS 1.3 breaks the current draft RFC
and re-uses an extension on the server-side with a different binary
formatting, causing us to throw a binpac exception.

This patch ignores the extension when sent by the server, continuing to
correctly parse the server_hello reply (as far as possible).

From what I can tell this seems to be google working around the fact
that MITM equipment cannot deal with TLS 1.3 server hellos; this change
makes the fact that TLS 1.3 is used completely opaque unless one looks
into a few extensions.

We currently log this as TLS 1.2.
2017-09-09 22:25:49 -07:00
..
files SCT: Allow verification of SCTs in Certs. 2017-03-29 09:17:24 -07:00
frameworks Fix a netcontrol test that often fails 2017-08-07 16:26:17 -05:00
misc Fix at_least in Version.bro. 2017-06-05 15:16:41 -07:00
protocols Add TLS 1.3 fix and testcase. 2017-09-09 22:25:49 -07:00
utils Fix to_json() to not lose precision for values of type double 2017-02-02 13:03:05 -06:00