Has anyone done any work on upgrading Bro to support HTTP/2? If so I'm very interested in what might have been done and/or what is being done?

I don’t believe anyone’s done any work on this. From what I can tell, most implementations (at least IE, Firefox, and Chrome) are only supporting HTTP/2.0 over TLS. If that trend continues, the only changes to Bro might just be ensuring that the SSL analyzer would work with it.


I was under the impression the spec was still being drafted.


It’s basically done.

Implementations and real world use are starting to show up all over the place. If you’d like to dig around and find evidence of http/2 being used unencrypted, that could be a huge motivator for someone to take it on.

Thanks to google, this space is even more muddied than just HTTP/2. They have a new protocol named QUIC that is yet another pain to support, and this protocol is also already in use when Chrome connects to a number of Google properties.



Ok, thanks for the feedback. I've got some colleagues looking for samples. I may be enticed to take this on depending on what we find.