mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
1ede6bf7fe
It turns out that Chrome supports an experimental mode to support TLS 1.3, which uses a non-standard way to negotiate TLS 1.3 with a server. This non-standard way to negotiate TLS 1.3 breaks the current draft RFC and re-uses an extension on the server-side with a different binary formatting, causing us to throw a binpac exception. This patch ignores the extension when sent by the server, continuing to correctly parse the server_hello reply (as far as possible). From what I can tell this seems to be google working around the fact that MITM equipment cannot deal with TLS 1.3 server hellos; this change makes the fact that TLS 1.3 is used completely opaque unless one looks into a few extensions. We currently log this as TLS 1.2. |
||
|---|---|---|
| .. | ||
| basic.test | ||
| common_name.test | ||
| cve-2015-3194.test | ||
| dhe.test | ||
| dpd.test | ||
| dtls-stun-dpd.test | ||
| dtls.test | ||
| ecdhe.test | ||
| ecdsa.test | ||
| fragment.test | ||
| handshake-events.test | ||
| ocsp-http-get.test | ||
| ocsp-request-only.test | ||
| ocsp-request-response.test | ||
| ocsp-response-only.test | ||
| ocsp-revoked.test | ||
| ocsp-stapling.test | ||
| signed_certificate_timestamp.test | ||
| tls-1.2-ciphers.test | ||
| tls-1.2-handshake-failure.test | ||
| tls-1.2-random.test | ||
| tls-1.2.test | ||
| tls-extension-events.test | ||
| tls13-experiment.test | ||
| tls13.test | ||
| x509_extensions.test | ||