
Security Changes coming to TLS (TLS v1.3)

Discussion in 'All Internet & Web Performance News' started by eva2000, Apr 6, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    54,523
    12,211
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,780
    Local Time:
    10:37 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah hoping Chrome and other browsers add draft 24 soon. Qualys SSL Labs tester is also only on TLS 1.3 draft 18 right now so they need an update too :)

     
  2. buik

    buik “The best traveler is one without a camera.”

    2,026
    524
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,674
    Local Time:
    1:37 PM
  3. eva2000

    Very nice! But my official Chrome is still on 64, not 65, or do you mean Chrome Canary?
     
  4. buik

     
  5. eva2000

    Oh there was a 3rd edition - Chrome beta heh. I only use stable and Canary heh
     
  6. buik

    Chrome 65 is stable in 11 days.
    If they roll it out as it is now. TLS 1.3 support with default settings.
     
  7. eva2000

    sweet - 2018 is a good year :D
     
  8. buik

    Please note that Nginx with OpenSSL 1.1.1dev TLS 1.3, both master branch and alpha,
    won't work at all on Safari. Pages simply don't load.
    Using TLS 1.3 + TLS 1.2 + TLS 1.1 etc. option enabled.

    Despite the fact that the results on e.g. Webpagetest with profile iPhone, iPhone 6+/7+/8+ are fine.
    Because there are quite a lot of Safari users, this is a decent blockbuster.
    In short, pay attention and test everything in real life!
     
    Last edited: Feb 25, 2018
  9. eva2000

    Ouch, yes indeed.. what TLSv1.3 draft is Safari meant to be supporting?
     
  10. buik

    As far as I can figure out, draft 18, disabled by default.

    Caniuse does speak of no TLS 1.3 Safari support.
    Chrome, Opera, Firefox. It all works fine.

    Even if the browser won't support TLS 1.3, it is neatly forwarded to TLS 1.2.
    Safari and of course Microsoft Internet Explorer and Edge give problems.

    I did not go into it deeply, but because most browsers just work properly.
    It seems to me that the affected browsers have difficulties with TLS.
    If there is TLS enabled which they do not recognize and do not divert correctly to fall back.

    How or what you want. OpenSSL with TLS 1.3 is not production ready.
    Even though it could be the stable release. As a hypothesis.

    Given the fact that your site becomes useless on Safari, Edge and Internet Explorer.
    Unfortunately, both have a decent user group.
     
  11. eva2000

    Indeed.. work in progress it seems to TLS v1.3
     
  12. buik

    Chrome 65 stable with TLS 1.3 in 5 days and counting!
     
  13. eva2000

    cheers mate ... something else to look forward to :D

    Though the percentage of folks using Nginx 1.13 is pretty small compared to Nginx 1.10 and 1.12. I think Centmin Mod users might make up the large majority of Nginx 1.13 users worldwide LOL :D
     
  14. buik

    Chrome 65 stable with TLS 1.3 in 1 day (Europe time) and counting!
    Tuesday is the day.
     
  15. eva2000

    Will be interesting to see also how all Cloudflare users fare with TLS v1.3 enabled proxied connections + Chrome 65 stable coming, as well as how different web servers' implementations of TLS v1.3 support fare :)
     
  16. buik

    Chrome 65 stable released. TLS 1.3 is enabled with draft 22 and 23 on.
     
  17. eva2000

    nice - let the TLSv1.3 testing continue :D
     
  18. buik

    Chrome 65 TLS 1.3 is working fine on test sites.
     
  19. buik

    Same goes for Chrome for Android.
    Chrome 65 TLS 1.3 is working fine on test sites.
     
  20. eva2000

    Strange, my Chrome 65 had TLS 1.3 disabled - maybe I did that myself heh

    Code (Text):
    curl --tlsv1.3 -Isv https://http2.centminmod.com 2>&1 | egrep 'ALPN|SSL connection'
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * SSL connection using TLSv1.3 / TLS13-AES-128-GCM-SHA256
    * ALPN, server accepted to use h2
    

    Nginx 1.13.9 + OpenSSL 1.1.1-pre2 beta with TLSv1.3 support

    setting it back to default enables TLS v1.3

     
    Last edited: Mar 9, 2018
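
Added example, not part of the original thread or of Centmin Mod: a shell check for the fallback concern raised in post 10, built on the curl test from post 20. It probes a host once with curl pinned to TLS 1.2 and once pinned to TLS 1.3, and fails if the 1.2-capped client cannot connect. The function names and the script file name are hypothetical, and pinning curl's version range does not reproduce any browser's ClientHello, so it complements real-browser testing rather than replacing it.

```bash
# Added example: checks that a host still completes a handshake with a client
# capped at TLS 1.2 after TLS 1.3 is enabled. Needs curl >= 7.54.0 (--tls-max).
# Function names are hypothetical; this is not code from the thread.

# Read curl -v output on stdin; print "<protocol> <cipher>" taken from a line
# such as "* SSL connection using TLSv1.3 / TLS13-AES-128-GCM-SHA256".
parse_tls_line() {
  sed -n 's|^[[:space:]]*\* SSL connection using \([^ ]*\) / \([^ ]*\).*$|\1 \2|p' | head -n 1
}

# Turn curl -v output (stdin) for a probe pinned to version $1 into a verdict.
# Subshell body keeps the variables local without relying on bash-only syntax.
report_version() (
  ver="$1"
  negotiated=$(parse_tls_line)
  case "$negotiated" in
    "TLSv${ver} "*) echo "${ver} OK ${negotiated}" ;;
    *)              echo "${ver} FAIL" ;;
  esac
)

# Handshake with min == max == $2, so the server must speak exactly that version.
probe_version() {
  curl "--tlsv$2" --tls-max "$2" -Isv --max-time 10 "https://$1/" 2>&1 | report_version "$2"
}

# Probe 1.2 and 1.3; succeed only if the TLS 1.2-capped client got through.
check_host() (
  rc=0
  for ver in 1.2 1.3; do
    line=$(probe_version "$1" "$ver")
    echo "$line"
    if [ "$line" = "1.2 FAIL" ]; then rc=1; fi
  done
  [ "$rc" -eq 0 ]
)

# Usage: sh tlscheck.sh <hostname>   (the file name is hypothetical)
if [ "$#" -ge 1 ]; then
  check_host "$1"
fi
```

A "1.3 FAIL" line only means the local curl or the server lacks a matching TLS 1.3 draft or final version; the exit status depends solely on the TLS 1.2 probe.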