I just finished a branch that adds support for TLSv1.3 to Bro (branch topic/johanna/tls13, important commit: https://github.com/bro/bro/commit/fdef28ce7c3455d43267ab07dbb8ad96c9ea3890).
What do people think of the idea of adding that patch to the upcoming Bro 2.5 release? I know that we are quite late in the current release process and that we should not really make any feature changes after releasing the beta. It would, however, be neat to be able to support TLSv1.3 starting the moment that people actually start to use it; without that support, we will only have empty lines in ssl.log for these connections. Furthermore, the changes that are needed to support TLSv1.3 have nearly no interaction with the code that is used to parse earlier versions of TLS. Even if there are problems with the code (or if the on-the-wire format still changes), the only thing that should happen is that binpac throws errors. Which is exactly what already happens now when throwing TLSv1.3 sessions at the current master versions of Bro. Thanks, Johanna _______________________________________________ bro-dev mailing list [email protected] http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
