Hello, welcome to the Thursday, September 10th, 2020 edition of the Sandsenert Storms anders

Stormcast. My name is Johannes Ulrich, and the time recording from Jacksonville, Florida.

Well, today I took a little bit time to take a look at network traffic from MacOS 11, the up-and-coming version of Apple's operating system.

It's available as an open beta so anybody can download it and play with it.

And I mostly took a look at network traffic to see if there's anything odd or interesting.

Nothing really all that different from prior versions of macOS. What I sort of found probably the most interesting

is the additional use of crease in TLS Clined Hellos. Now, crease is a feature in TLS that's somewhat new and kind of intended

to weed out non-compliant implementations. In TLS, a server or declined is essentially

supposed to ignore unrecognized options that the other side sends.

So if the other side offers a cipher that doesn't exist or a TLS version that doesn't

exist, well, you're just supposed to ignore it.

And the reason for this is to future-proof your implementation.

So if an option is later introduced or a new TLS version,

that your implementation is still able to deal with that new version.

Well, in the past, that wasn't done right often.

So what TLS started to do is to introduce essentially sort of random non-existing

options and that's usually referred to as Greece. Now so far you may have seen this, for example,

as ciphers. If you see a cipher, wire sharks sort of nicely calls them Greece.

But what macOS 11 does, it also adds a random TLS version.

So you may want to take a quick look at this if you're doing TLS intercept to make sure this is not causing any problems for whatever solution

you have implemented.

Greece is defined in RFC 8701, so it is an official standard.

...