zmap / zcrypto

Liberal Go TLS + X.509 Library for Research

use branch master and feature/tlsv1.3 to scan the same ip+port, the results of secure_renegotiation and scts are different #342

Open chushuai opened 2 years ago

chushuai commented 2 years ago

Use branches master and feature/tlsv1.3 to scan the same ip+port; the results of secure_renegotiation and scts are different.

package tls

import (
    "encoding/json"
    "fmt"
    "testing"
)

func TestTls(t *testing.T) {
    tests := []string{"138.201.124.182:10250"}
    for _, test := range tests {
        conn, err := Dial("tcp", test, &Config{
            InsecureSkipVerify: true,
        })
        // Check the error before touching conn: on a failed dial conn is nil.
        if err != nil {
            fmt.Println("failed to connect: " + err.Error())
            continue
        }
        // Dump the handshake log as JSON so secure_renegotiation and scts
        // can be compared between the two branches.
        data, _ := json.Marshal(conn.GetHandshakeLog())
        fmt.Println(string(data))
        conn.Close()
    }
}


mzpqnxow commented 1 year ago

The tls1.3 branch includes tls1.3 support and also includes other enhancements: anything added to the upstream golang tls code since the (very old) tls implementation was lifted from upstream, at least 5 years ago.

This includes (at least) early renegotiation handling. I'm not certain, but I believe the portable ciphers profile is also exclusive to the tls1.3 branch, for no particular reason aside from the fact that those interested in "better" tls support were using that branch.

You can see part of this if you track the zcrypto portion of https://github.com/zmap/zgrab2/pull/334

tl;dr: this is expected behavior as far as I know.