[Bro-Dev] Potential of including TLSv1.3 support in Bro 2.5

Johanna Amann johanna at icir.org
Fri Oct 7 14:06:53 PDT 2016


I just finished a branch that adds support for TLSv1.3 to Bro (branch
topic/johanna/tls13, important commit:
https://github.com/bro/bro/commit/fdef28ce7c3455d43267ab07dbb8ad96c9ea3890).

What do people think of the idea of adding that patch to the upcoming Bro
2.5 release?

I know that we are quite late in the current release process and that we
should not really make any feature changes after releasing the beta.  It
would, however, be neat to be able to support TLSv1.3 starting the moment
that people actually start to use it; without that support, we will only
have empty lines in ssl.log for these connections. Furthermore, the
changes that are needed to support TLSv1.3 have nearly no interaction with
the code that is used to parse earlier versions of TLS. Even if there are
problems with the code (or if the on-the-wire format still changes), the
only thing that should happen is that binpac throws errors. Which is
exactly what already happens now when throwing TLSv1.3 sessions at the
current master versions of Bro.

Thanks,
 Johanna

