[Bro-Dev] Potential of including TLSv1.3 support in Bro 2.5

Aashish Sharma asharma at lbl.gov
Fri Oct 7 17:03:43 PDT 2016

I think the current feature freeze is a self-imposed limit out of coding discipline - but it ok to make exceptions.  Esp since 2.6 would be long way away. 

Risky as it is, It seems like inclusion of this code isn't going to cause any significant problems. FWIW, I can run this branch on my end for until release happens. 


On Fri, Oct 07, 2016 at 02:06:53PM -0700, Johanna Amann wrote:
> I just finished a branch that adds support for TLSv1.3 to Bro (branch
> topic/johanna/tls13, important commit:
> https://github.com/bro/bro/commit/fdef28ce7c3455d43267ab07dbb8ad96c9ea3890).
> What do people think of the idea of adding that patch to the upcoming Bro
> 2.5 release?
> I know that we are quite late in the current release process and that we
> should not really make any feature changes after releasing the beta.  It
> would, however, be neat to be able to support TLSv1.3 starting the moment
> that people actually start to use it; without that support, we will only
> have empty lines in ssl.log for these connections. Furthermore, the
> changes that are needed to support TLSv1.3 have nearly no interaction with
> the code that is used to parse earlier versions of TLS. Even if there are
> problems with the code (or if the on-the-wire format still changes), the
> only thing that should happen is that binpac throws errors. Which is
> exactly what already happens now when throwing TLSv1.3 sessions at the
> current master versions of Bro.
> Thanks,
>  Johanna
> _______________________________________________
> bro-dev mailing list
> bro-dev at bro.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

More information about the bro-dev mailing list