<div dir="ltr"><div><div>Well, I should point out that Cloudflare enabled it a couple of weeks ago: <a href="https://blog.cloudflare.com/introducing-tls-1-3/">https://blog.cloudflare.com/introducing-tls-1-3/</a><br><br></div>I was able to connect with my usual browser and grab a PCAP (after setting the option in about:config). It seems to run just fine against the branch (attached, in case it's of any use).<br><br></div>Is there any way to detect TLS 1.3 with git master? I wouldn't expect to see any, but I've been surprised once or twice before. I ran the PCAP against master, and while I did get an ssl.log, I didn't see anything in there that would indicate it's TLS1.3.<br><div><br></div><div> --Vlad<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 7, 2016 at 7:18 PM, Johanna Amann <span dir="ltr"><<a href="mailto:johanna@icir.org" target="_blank">johanna@icir.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I would be happy if you test this branch - however, you are actually<br>
unlikely to trigger the new code paths. TLS 1.3 is still in the<br>
development stage, so much that I doubt that you will even encounter a<br>
single connection that uses it. At the moment, you have to enable it by<br>
hand in the development edition of browsers, and more or less compile<br>
your own server that is able to speak it.<br>
<br>
(That being said, I am quite confident the on-the-wire format won't<br>
change significantly enough anymore that the new analyzer won't be able<br>
to parse it.)<br>
<span class="HOEnZb"><font color="#888888"><br>
Johanna<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
On 7 Oct 2016, at 17:03, Aashish Sharma wrote:<br>
<br>
> I think the current feature freeze is a self-imposed limit out of<br>
> coding discipline - but it ok to make exceptions. Esp since 2.6 would<br>
> be long way away.<br>
><br>
> Risky as it is, It seems like inclusion of this code isn't going to<br>
> cause any significant problems. FWIW, I can run this branch on my end<br>
> for until release happens.<br>
><br>
> Aashish<br>
><br>
> On Fri, Oct 07, 2016 at 02:06:53PM -0700, Johanna Amann wrote:<br>
>> I just finished a branch that adds support for TLSv1.3 to Bro (branch<br>
>> topic/johanna/tls13, important commit:<br>
>> <a href="https://github.com/bro/bro/commit/fdef28ce7c3455d43267ab07dbb8ad96c9ea3890" rel="noreferrer" target="_blank">https://github.com/bro/bro/<wbr>commit/<wbr>fdef28ce7c3455d43267ab07dbb8ad<wbr>96c9ea3890</a>).<br>
>><br>
>> What do people think of the idea of adding that patch to the upcoming<br>
>> Bro<br>
>> 2.5 release?<br>
>><br>
>> I know that we are quite late in the current release process and that<br>
>> we<br>
>> should not really make any feature changes after releasing the beta.<br>
>> It<br>
>> would, however, be neat to be able to support TLSv1.3 starting the<br>
>> moment<br>
>> that people actually start to use it; without that support, we will<br>
>> only<br>
>> have empty lines in ssl.log for these connections. Furthermore, the<br>
>> changes that are needed to support TLSv1.3 have nearly no interaction<br>
>> with<br>
>> the code that is used to parse earlier versions of TLS. Even if there<br>
>> are<br>
>> problems with the code (or if the on-the-wire format still changes),<br>
>> the<br>
>> only thing that should happen is that binpac throws errors. Which is<br>
>> exactly what already happens now when throwing TLSv1.3 sessions at<br>
>> the<br>
>> current master versions of Bro.<br>
>><br>
>> Thanks,<br>
>> Johanna<br>
>> ______________________________<wbr>_________________<br>
>> bro-dev mailing list<br>
>> <a href="mailto:bro-dev@bro.org">bro-dev@bro.org</a><br>
>> <a href="http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev" rel="noreferrer" target="_blank">http://mailman.icsi.berkeley.<wbr>edu/mailman/listinfo/bro-dev</a><br>
><br>
______________________________<wbr>_________________<br>
bro-dev mailing list<br>
<a href="mailto:bro-dev@bro.org">bro-dev@bro.org</a><br>
<a href="http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev" rel="noreferrer" target="_blank">http://mailman.icsi.berkeley.<wbr>edu/mailman/listinfo/bro-dev</a><br>
</div></div></blockquote></div><br></div>