
Security Changes coming to TLS (TLS v1.3)

Discussion in 'All Internet & Web Performance News' started by eva2000, Apr 6, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    35,617
    7,844
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,093
    Local Time:
    10:25 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Yeah hoping Chrome and other browsers add draft 24 soon. Qualys SSL Labs tester is also only on TLS 1.3 draft 18 right now so they need an update too :)
     
  2. bassie

    bassie Active Member

    906
    216
    43
    Apr 29, 2016
    Ratings:
    +640
    Local Time:
    2:25 PM
  3. eva2000

    eva2000 Administrator Staff Member

    Very nice! But my official Chrome is still on 64, not 65, or do you mean Chrome Canary?
     
  4. bassie

    bassie Active Member

  5. eva2000

    eva2000 Administrator Staff Member

    Oh there was a 3rd edition - Chrome beta heh. I only use stable and Canary heh
     
  6. bassie

    bassie Active Member

    Chrome 65 is stable in 11 days.
    If they roll it out as it is now. TLS 1.3 support with default settings.
     
  7. eva2000

    eva2000 Administrator Staff Member

    sweet - 2018 is a good year :D
     
  8. bassie

    bassie Active Member

    Please note that Nginx with OpenSSL 1.1.1dev TLS 1.3, both master branch and alpha,
    won't work at all on Safari. Pages simply don't load.
    Using the TLS 1.3 + TLS 1.2 + TLS 1.1 etc. option enabled.

    Despite the fact that the results on e.g. Webpagetest with profile iPhone, iPhone 6+/7+/8+ are fine.
    Because there are quite a lot of Safari users, this is a decent blockbuster.
    In short, pay attention, and test everything in real life!
     
    Last edited: Feb 25, 2018
  9. eva2000

    eva2000 Administrator Staff Member

    Ouch yes indeed.. what TLSv1.3 draft is Safari meant to be supporting ?
     
  10. bassie

    bassie Active Member

    As far as I can figure out, draft 18, disabled by default.

    Caniuse speaks of no TLS 1.3 support in Safari.
    Chrome, Opera, Firefox: it all works fine.

    Even if the browser doesn't support TLS 1.3, it is neatly forwarded to TLS 1.2.
    Safari and of course Microsoft Internet Explorer and Edge give problems.

    I did not go into it deeply, but most browsers just work properly.
    It seems to me that the affected browsers have difficulties with TLS
    if a TLS version is enabled which they do not recognize, and they do not fall back correctly.

    Either way, OpenSSL with TLS 1.3 is not production ready,
    even though it could be the stable release. As a hypothesis.

    Given the fact that your site becomes useless on Safari, Edge and Internet Explorer.
    Unfortunately, both have a decent user group.
     
  11. eva2000

    eva2000 Administrator Staff Member

    Indeed.. work in progress it seems to TLS v1.3
     
  12. bassie

    bassie Active Member

    Chrome 65 stable with TLS 1.3 in 5 days and counting!
     
  13. eva2000

    eva2000 Administrator Staff Member

    cheers mate ... something else to look forward to :D

    Though the percentage of folks using Nginx 1.13 is pretty small compared to Nginx 1.10 and 1.12. I think Centmin Mod users might make up the large majority of Nginx 1.13 users world wide LOL :D
     
  14. bassie

    bassie Active Member

    Chrome 65 stable with TLS 1.3 in 1 day (Europe time) and counting!
    Tuesday is the day.
     
  15. eva2000

    eva2000 Administrator Staff Member

    Will be interesting to see also how all Cloudflare users fare with TLS v1.3 enabled proxied connections + Chrome 65 stable coming, as well as how different web servers' implementations of TLS v1.3 support fare :)
     
  16. bassie

    bassie Active Member

    Chrome 65 stable released. TLS 1.3 is enabled with draft 22 and 23 on.
     
  17. eva2000

    eva2000 Administrator Staff Member

    nice - let the TLSv1.3 testing continue :D
     
  18. bassie

    bassie Active Member

    Chrome 65 TLS 1.3 is working fine on test sites.
     
  19. bassie

    bassie Active Member

    Same goes for Chrome for Android.
    Chrome 65 TLS 1.3 is working fine on test sites.
     
  20. eva2000

    eva2000 Administrator Staff Member

    Strange, my Chrome 65 had TLS 1.3 disabled - maybe I did that myself heh

    Code (Text):
    curl --tlsv1.3 -Isv https://http2.centminmod.com 2>&1 | egrep 'ALPN|SSL connection'
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * SSL connection using TLSv1.3 / TLS13-AES-128-GCM-SHA256
    * ALPN, server accepted to use h2
    

    Nginx 1.13.9 + OpenSSL 1.1.1-pre2 beta with TLSv1.3 support

    setting it back to default enables TLS v1.3

     
    Last edited: Mar 9, 2018
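
The draft numbers quoted through this thread (18, 22, 23, 24) matter because a pre-release TLS 1.3 stack advertises its draft as the wire version `0x7f00 | draft` in the ClientHello `supported_versions` extension, and the server only selects TLS 1.3 when the same value is on both sides. The sketch below is an added example, not code from any poster or from Nginx/OpenSSL; it models that selection and the fallback to TLS 1.2, and the server's draft number and all function names are assumptions made for illustration.

```python
import struct

TLS12, TLS13 = 0x0303, 0x0304

def draft(n):
    """Wire value advertised by a TLS 1.3 draft-n implementation: 0x7f00 | n."""
    return 0x7F00 | n

def encode_supported_versions(versions):
    """ClientHello supported_versions body: 1-byte list length, then 2-byte versions."""
    body = b"".join(struct.pack("!H", v) for v in versions)
    return bytes([len(body)]) + body

def parse_supported_versions(ext):
    """Decode the extension body; reject empty, truncated or odd-length lists."""
    if len(ext) < 3 or ext[0] != len(ext) - 1 or ext[0] % 2:
        raise ValueError("malformed supported_versions")
    return [struct.unpack("!H", ext[i:i + 2])[0] for i in range(1, len(ext), 2)]

def negotiate(client_ext, server_versions):
    """Return the first version in the server's preference list that the client
    also offered, or None when there is no overlap (handshake failure)."""
    offered = set(parse_supported_versions(client_ext))
    return next((v for v in server_versions if v in offered), None)

def name(v):
    if v is None:
        return "handshake failure"
    if v >> 8 == 0x7F:
        return f"TLS 1.3 draft {v & 0xFF}"
    return {TLS13: "TLS 1.3", TLS12: "TLS 1.2", 0x0302: "TLS 1.1"}.get(v, hex(v))

# Constructed inputs. The server's draft number is an assumption; the client
# lists use the draft numbers quoted in the thread.
SERVER = [draft(23), TLS12, 0x0302]
CLIENTS = {
    "drafts 22+23 (Chrome 65 per the thread)": [draft(23), draft(22), TLS12],
    "draft 18 with TLS 1.2": [draft(18), TLS12],
    "draft 18 only": [draft(18)],
}

def run():
    return {label: name(negotiate(encode_supported_versions(vs), SERVER))
            for label, vs in CLIENTS.items()}

if __name__ == "__main__":
    for label, result in run().items():
        print(f"{label:42} -> {result}")
```

A draft mismatch on its own yields TLS 1.2, so a client that fails to load the page entirely is failing somewhere other than this selection step.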