[Bro-Dev] Potential of including TLSv1.3 support in Bro 2.5

Vlad Grigorescu vlad at grigorescu.org
Sat Oct 8 17:38:39 PDT 2016


Well, I should point out that Cloudflare enabled it a couple of weeks ago:
https://blog.cloudflare.com/introducing-tls-1-3/

I was able to connect with my usual browser and grab a PCAP (after setting
the option in about:config). It seems to run just fine against the branch
(attached, in case it's of any use).

Is there any way to detect TLS 1.3 with git master? I wouldn't expect to
see any, but I've been surprised once or twice before. I ran the PCAP
against master, and while I did get an ssl.log, I didn't see anything in
there that would indicate it's TLS1.3.

  --Vlad
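Vlad's question above (how to tell from a capture whether a client offered TLS 1.3) can be answered from the ClientHello alone, since the TLS 1.3 drafts advertise the version in a supported_versions extension rather than in the record header. The following is an added example, not code from this thread or from Bro: it parses a ClientHello record, returns the supported_versions list (extension codepoint 43), and flags the final version 0x0304 or any draft version 0x7Fxx (0x7F10 is draft-16, the draft the attached capture was taken against). The record layout and codepoints are taken from the TLS 1.3 drafts, and the two sample hellos are constructed here rather than extracted from the PCAP.

```python
import struct

SUPPORTED_VERSIONS_EXT = 43  # codepoint of supported_versions (TLS 1.3 drafts and RFC 8446)

def tls13_versions_in_client_hello(record: bytes) -> list:
    """Versions listed in a ClientHello's supported_versions extension ([] if absent).
    Truncated or malformed input raises ValueError rather than a silent miss."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a handshake record carrying a ClientHello")
        hs_len = int.from_bytes(record[6:9], "big")
        body = record[9:9 + hs_len]
        if len(body) != hs_len:
            raise ValueError("truncated ClientHello")
        pos = 2 + 32                                           # legacy_version + random
        pos += 1 + body[pos]                                   # legacy_session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                                   # legacy_compression_methods
        if pos == len(body):
            return []                                          # pre-1.3 hello, no extensions
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        if end > len(body):
            raise ValueError("extensions block overruns ClientHello")
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == SUPPORTED_VERSIONS_EXT and data:
                return [struct.unpack("!H", data[i:i + 2])[0] for i in range(1, 1 + data[0], 2)]
        return []
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc

def is_tls13_client_hello(record: bytes) -> bool:
    # True if the client offers TLS 1.3 final (0x0304) or any draft (0x7Fxx, e.g. 0x7F10 = draft-16)
    return any(v == 0x0304 or 0x7F00 <= v <= 0x7FFF for v in tls13_versions_in_client_hello(record))

def _client_hello(supported_versions=()) -> bytes:
    """Constructed minimal ClientHello record (a sample, not a captured packet)."""
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00"               # version, random, empty sid
            + b"\x00\x02\x13\x01" + b"\x01\x00")              # one cipher suite, null compression
    if supported_versions:
        vs = b"".join(struct.pack("!H", v) for v in supported_versions)
        ext = struct.pack("!HH", SUPPORTED_VERSIONS_EXT, 1 + len(vs)) + bytes([len(vs)]) + vs
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

DRAFT16_HELLO = _client_hello([0x7F10, 0x0303])  # offers draft-16 then TLS 1.2, like the capture
TLS12_HELLO = _client_hello()                    # no supported_versions extension at all
```

Run against the first handshake record of each TCP stream in a capture; a hello that only shows TLS 1.2 in the record header but carries a 0x7Fxx entry here is what the current master's ssl.log cannot tell apart from plain TLS 1.2.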

On Fri, Oct 7, 2016 at 7:18 PM, Johanna Amann <johanna at icir.org> wrote:

> I would be happy if you test this branch - however, you are actually
> unlikely to trigger the new code paths. TLS 1.3 is still in the
> development stage, so much that I doubt that you will even encounter a
> single connection that uses it. At the moment, you have to enable it by
> hand in the development edition of browsers, and more or less compile
> your own server that is able to speak it.
>
> (That being said, I am quite confident the on-the-wire format won't
> change significantly enough anymore that the new analyzer won't be able
> to parse it.)
>
> Johanna
>
> On 7 Oct 2016, at 17:03, Aashish Sharma wrote:
>
> > I think the current feature freeze is a self-imposed limit out of
> > coding discipline - but it's ok to make exceptions, especially since
> > 2.6 would be a long way away.
> >
> > Risky as it is, it seems like inclusion of this code isn't going to
> > cause any significant problems. FWIW, I can run this branch on my end
> > until the release happens.
> >
> > Aashish
> >
> > On Fri, Oct 07, 2016 at 02:06:53PM -0700, Johanna Amann wrote:
> >> I just finished a branch that adds support for TLSv1.3 to Bro (branch
> >> topic/johanna/tls13, important commit:
> >> https://github.com/bro/bro/commit/fdef28ce7c3455d43267ab07dbb8ad96c9ea3890).
> >>
> >> What do people think of the idea of adding that patch to the upcoming
> >> Bro 2.5 release?
> >>
> >> I know that we are quite late in the current release process and that
> >> we should not really make any feature changes after releasing the beta.
> >> It would, however, be neat to be able to support TLSv1.3 starting the
> >> moment that people actually start to use it; without that support, we
> >> will only have empty lines in ssl.log for these connections. Furthermore,
> >> the changes that are needed to support TLSv1.3 have nearly no interaction
> >> with the code that is used to parse earlier versions of TLS. Even if there
> >> are problems with the code (or if the on-the-wire format still changes),
> >> the only thing that should happen is that binpac throws errors. Which is
> >> exactly what already happens now when throwing TLSv1.3 sessions at the
> >> current master versions of Bro.
> >>
> >> Thanks,
> >>  Johanna
> >> _______________________________________________
> >> bro-dev mailing list
> >> bro-dev at bro.org
> >> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
> >
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tls13draft16-firefoxdevedition51.0a2-cloudflare.pcap
Type: application/octet-stream
Size: 119578 bytes
Desc: not available
Url : http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20161008/b9d08f22/attachment-0001.obj 