Pull in the latest version of the JA4 spec for compliance comments.
This PR primarily just updates compliance comments, but the new spec does come with two behavior changes:
Empty strings are set to a string of zeroes rather than hashed
The version "s1" (SSLv1) is removed, meaning that SSLv1 would now be considered unknown / "00". That shouldn't really matter since s2n-tls doesn't support sslv1.
Call-outs:
Let me know if the diff is too confusing. I can always update the spec first, then make us compliant with the updated spec in a separate PR. But manual review of the spec changes isn't really important, since duvet will fail to generate the compliance report if the spec files don't match what it pulls down from the url.
You can see a diff of the spec in the original repo here.
Testing:
Duvet checks that the specs and compliance comments match the remote. I have almost full coverage (I'm just missing a test for grease values being ignored everywhere, and I'm not sure that's reasonably testable).
Existing tests pass. I added tests for the new empty list cases, and updated the version test to reflect the sslv1 change.
I added a new pcap, but it can't really be used until tshark updates.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Description of changes:
Pull in the latest version of the JA4 spec for compliance comments.
This PR primarily just updates compliance comments, but the new spec does come with two behavior changes:
Call-outs:
Let me know if the diff is too confusing. I can always update the spec first, then make us compliant with the updated spec in a separate PR. But manual review of the spec changes isn't really important, since duvet will fail to generate the compliance report if the spec files don't match what it pulls down from the url.
You can see a diff of the spec in the original repo here.
Testing:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.