Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 14:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/testing/btest/Traces/tls
History
Johanna Amann 1ede6bf7fe Add TLS 1.3 fix and testcase. 
It turns out that Chrome supports an experimental mode to support TLS
1.3, which uses a non-standard way to negotiate TLS 1.3 with a server.
This non-standard way to negotiate TLS 1.3 breaks the current draft RFC
and re-uses an extension on the server-side with a different binary
formatting, causing us to throw a binpac exception.

This patch ignores the extension when sent by the server, continuing to
correctly parse the server_hello reply (as far as possible).

From what I can tell this seems to be google working around the fact
that MITM equipment cannot deal with TLS 1.3 server hellos; this change
makes the fact that TLS 1.3 is used completely opaque unless one looks
into a few extensions.

We currently log this as TLS 1.2.
2017-09-09 22:25:49 -07:00
..
cert-no-cn.pcap
certificate-with-sct.pcap Add parsing of signed certificate timestamps out of X.509 certs. 2017-02-07 13:31:21 -08:00
chrome-34-google.trace
chrome-63.0.3211.0-canary-tls_experiment.pcap Add TLS 1.3 fix and testcase. 2017-09-09 22:25:49 -07:00
CVE-2015-3194.pcap Add testcase for CVE-2015-3194 2016-01-19 14:45:52 -08:00
dhe.pcap
dtls-openssl.pcap
ecdhe.pcap
ecdsa-cert.pcap
google-duplicate.trace
heartbleed-encrypted-short.pcap
heartbleed-encrypted-success.pcap
heartbleed-encrypted.pcap
heartbleed-success.pcap
heartbleed.pcap
imap-starttls.pcap
irc-starttls.pcap
missing-intermediate.pcap
ocsp-http-get.pcap
ocsp-request-only.pcap
ocsp-request-response.pcap
ocsp-response-only.pcap
ocsp-revoked.pcap
ocsp-stapling-digicert.trace
ocsp-stapling-twimg.trace
ocsp-stapling.trace
pop3-starttls.pcap
signed_certificate_timestamp-2.pcap SCT: Add signed certificate timestamp validation script. 2017-03-29 09:17:30 -07:00
signed_certificate_timestamp.pcap Add support for the signed_certificate_timestamp TLS extension. 2017-02-03 11:23:49 -08:00
smtp-starttls.pcap
ssl-v2.trace
ssl.v3.trace
telesec.pcap Fix parsing of x509 pre-y2k dates 2016-04-26 12:30:28 -07:00
tls-1.2-handshake-failure.trace
tls-13draft19-early-data.pcap SSL: update dpd signature for TLS1.3 2017-04-05 08:58:08 -07:00
tls-conn-with-extensions.trace
tls-early-alert.trace
tls-expired-cert.trace
tls-fragmented-handshake.pcap.gz
tls1.2.trace
tls13draft16-chrome55.0.2879.0-canary-aborted.pcap TLS 1.3 support. 2016-10-07 12:51:43 -07:00
tls13draft16-chrome55.0.2879.0-canary.pcap TLS 1.3 support. 2016-10-07 12:51:43 -07:00
tls13draft16-ff52.a01-aborted.pcap TLS 1.3 support. 2016-10-07 12:51:43 -07:00
tls13draft16-ff52.a01.pcap TLS 1.3 support. 2016-10-07 12:51:43 -07:00
webrtc-stun.pcap DTLS: Fix interaction with STUN 2016-05-17 16:36:46 -07:00
x509-generalizedtime.pcap
xmpp-dialback-starttls.pcap
xmpp-starttls.pcap