Has anyone done any work on upgrading Bro to support HTTP/2? If so I'm very interested in what might have been done and/or what is being done?
I don’t believe anyone’s done any work on this. From what I can tell, most implementations (at least IE, Firefox, and Chrome) are only supporting HTTP/2.0 over TLS. If that trend continues, the only changes to Bro might just be ensuring that the SSL analyzer would work with it.
I was under the impression the spec was still being drafted.
It’s basically done. https://http2.github.io/
Implementations and real world use are starting to show up all over the place. If you’d like to dig around and find evidence of http/2 being used unencrypted, that could be a huge motivator for someone to take it on.
Thanks to google, this space is even more muddied than just HTTP/2. They have a new protocol named QUIC that is yet another pain to support, and this protocol is also already in use when Chrome connects to a number of Google properties.
Ok, thanks for the feedback. I've got some colleagues looking for samples. I may be enticed to take this on depending on what we find.