<div dir="ltr"><div></div><div>It strikes me that as Bro development marches on, package maintainers don&#39;t have great choices in terms of maintaining compatibility with multiple Bro versions. For JA3, to maintain compatibility, you have to do something like this, due to the SSL event change:<br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><span class="pl-k">@</span><span class="pl-k">if</span> ( Version::at_least(<span class="pl-s"><span class="pl-pds">&quot;</span>2.6<span class="pl-pds">&quot;</span></span>) )
      
      
        <table class="highlight tab-size js-file-line-container"><tbody><tr><td id="LC73" class="blob-code blob-code-inner js-file-line"><span class="pl-k">event</span> ssl_client_hello(c: connection, version: <span class="pl-k">count</span>, record_version:<span class="pl-k">count</span>, possible_ts: <span class="pl-k">time</span>, client_random: <span class="pl-k">string</span>, session_id: <span class="pl-k">string</span>, ciphers: <span class="pl-bu">index_vec</span>, comp_methods: <span class="pl-k">vector of count</span>) <span class="pl-k">&amp;priority</span><span class="pl-k">=</span><span class="pl-c1">1</span></td>
      </tr>
      <tr>
        </tr></tbody></table><table class="highlight tab-size js-file-line-container"><tbody><tr><td id="LC74" class="blob-code blob-code-inner js-file-line"><span class="pl-k">@</span><span class="pl-k">else</span></td>
      </tr>
      <tr>
        </tr></tbody></table><table class="highlight tab-size js-file-line-container"><tbody><tr><td id="LC75" class="blob-code blob-code-inner js-file-line"><span class="pl-k">event</span> ssl_client_hello(c: connection, version: <span class="pl-k">count</span>, possible_ts: <span class="pl-k">time</span>, client_random: <span class="pl-k">string</span>, session_id: <span class="pl-k">string</span>, ciphers: <span class="pl-bu">index_vec</span>) <span class="pl-k">&amp;priority</span><span class="pl-k">=</span><span class="pl-c1">1</span></td>
      </tr>
      <tr>
        </tr></tbody></table><span class="pl-k">@</span><span class="pl-k">endif</span></div></blockquote><div><br></div><div>That works, but I worry that the overhead of trying to maintain that will grow out of hand. I&#39;m wondering if there&#39;s a better mechanism for this. A naive approach might be to include an option in the package metadata, which specifies minimum/maximum Bro versions that it requires. The installer, then, would simply install the latest version that supports your Bro version.  <br></div><div><br></div><div>I don&#39;t want to overcomplicate things, but it does feel like there&#39;s a mechanism that&#39;s currently missing.<br></div><div><br></div><div>Any other thoughts?</div><div><br></div><div>  --Vlad<br></div><div> </div></div>