Closed mzpqnxow closed 10 months ago
I haven't been particularly involved in TLS1.3. If it's in ZCrypto, and someone adds it into ZGrab (is there a PR?), I'd merge it.
> I haven't been particularly involved in TLS1.3. If it's in ZCrypto, and someone adds it into ZGrab (is there a PR?), I'd merge it.
Great!
I'm happy to fix up any merge conflicts as a result of drift for the zgrab2 TLS1.3 branch and submit a PR
I'm time starved but it's the least I could do since I contributed practically nothing to the real TLS1.3 branch, aside from adding to/reordering the cipher-suites (for --cipher-suite portable) and providing a flag to flip a bit in the tls.config to allow early renegotiation (for --negotiate-freely)
Thanks
I've been on vacation the last several days, sorry I haven't chimed in yet! One thing holding up merging TLSv1.3 is feature parity with main. Some of the zcrypto TLS1.3 feature branch changes will cause feature regressions (for instance, lack of heartbleed support), so we'll want to address that prior to merging. I'm still traveling today so a bit out of pocket as far as specific details, but I'll try to compile a list this week of what I know to be the missing features needed for main (or if someone else does, that is great as well).
> I've been on vacation the last several days, sorry I haven't chimed in yet! One thing holding up merging TLSv1.3 is feature parity with main. Some of the zcrypto TLS1.3 feature branch changes will cause feature regressions (for instance, lack of heartbleed support), so we'll want to address that prior to merging
This is exactly what I noticed, accidentally, with a PR to the wrong branch :>
> I'm still traveling today so a bit out of pocket as far as specific details, but I'll try to compile a list this week of what I know to be the missing features needed for main (or if someone else does, that is great as well).
I'm always happy to pitch in but I'm exceptionally busy lately. Either way- would you like to track that in this issue? I can at least put together the high level info (I think) without too much effort
This happened a long time ago, thanks to those who worked on it!
I apologize if I already asked this in a separate issue- I was unable to find it, though I recall drafting it up a while back. Maybe I got busy before I submitted it...
My question is probably aimed most appropriately at @dadrian ...
Are there any plans to merge TLS1.3 into master soon? It seems like now may be an appropriate time; zcrypto has merged the foundational TLS1.3 work into master, and the TLS1.3 branch of zgrab2 has had quite a bit of testing and seems stable and reasonably complete. Personally, I've been using it for at least 6 months or so (and even added #348 to support some behaviors specific to TLS1.3)
Is there any opposition on a philosophical level to doing this? Or is the issue more a matter of resourcing/time? If it's the latter, maybe opening an issue inviting the effort will attract someone. I'm all tied up time-wise but I can try to set aside a day or two
I suspect you're on board for this (maybe with some caveats) but I thought of a few things that justify doing this sooner rather than later. They may be obvious so feel free to stop reading here :)
My main concern (as an occasional contributor and full time user) is feature drift, where PRs are sent to master but not TLS1.3 and vice versa. I do recognize that in the past, maintainers (@codyprime, as one example, and probably you too, @dadrian) seem to be making a good effort at merging changes/PRs in master into TLS1.3- so perhaps the problem is not as serious as I describe. Regardless, merging the two would lift that burden from you
An additional issue, though it doesn't impact me; there are many users missing out on TLS1.3 support itself as well as any features merged exclusively to the TLS1.3 branch- simply because they don't build from source, or if they do, they don't know about that branch. I suspect even the Linux distributions that pride themselves on being "bleeding-edge" and aimed towards individuals who are most likely to be using zgrab2 (e.g. Kali) are building from master
Finally, I should say thanks once more to those involved in the TLS1.3 effort in both zcrypto and zgrab2 (I know @dissoupov did much of the initial work on it in zgrab2)