Want more timely Centmin Mod News Updates?
Become a Member

OpenSSL OpenSSL 1.1.1 and Chrome 70 with TLS 1.3 RFC support

Discussion in 'CentOS, Redhat & Oracle Linux News' started by bassie, Oct 16, 2018.

  1. bassie

    bassie Well-Known Member

    1,017
    243
    63
    Apr 29, 2016
    Ratings:
    +722
    Local Time:
    12:30 PM
    As Chrome 70 stable is around the corner.

    It seemed to me as a BoringSSL user a good idea to test Chrome 70 with TLS 1.3 RFC support and a Nginx based OpenSSL 1.1.1 with TLS 1.3 RFC, test site.

    The Chrome 70 default setting is TLS 1.3 Draft 23, Draft 28 and final enabled.
    Problem is that any test site is using TLS 1.2 unless chrome://flags TLS 1.3 is set from default (as seen above) to Enabled (Final).

    Chrome version is 70.0.3538.54
    OpenSSL 1.1.1 final
    Nginx 1.15.4 and 1.15.5

    Does anyone recognize this behavior?
     
  2. eva2000

    eva2000 Administrator Staff Member

    36,915
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,438
    Local Time:
    9:30 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    You using Chrome 70 beta ? Maybe Chrome 70 final will be different ?
     
  3. bassie

    bassie Well-Known Member

    1,017
    243
    63
    Apr 29, 2016
    Ratings:
    +722
    Local Time:
    12:30 PM
    As the release is today. It seems to me that nothing, little has changed.
    That is why I am looking for experiences from others?
     
  4. eva2000

    eva2000 Administrator Staff Member

    36,915
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,438
    Local Time:
    9:30 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Is it today.. my Chrome 69 hasn't got any updates for 70 yet so not released yet for stable version.
     
  5. bassie

    bassie Well-Known Member

    1,017
    243
    63
    Apr 29, 2016
    Ratings:
    +722
    Local Time:
    12:30 PM
    That is correct: Stable in 0 day ( Oct 16 )
    Chrome 70 should be released in the matter of hours.
     
  6. eva2000

    eva2000 Administrator Staff Member

    36,915
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,438
    Local Time:
    9:30 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    usually it's USA timezone which is still Oct 15th AFAIK.
     
  7. bassie

    bassie Well-Known Member

    1,017
    243
    63
    Apr 29, 2016
    Ratings:
    +722
    Local Time:
    12:30 PM
    Yup but as Google has offices all over the US continent and the world.
    If 16 is the day without release blocker bugs. And looking at previous releases. Chrome 70 should be launched within 19 hours.
     
    • Like Like x 1
  8. eva2000

    eva2000 Administrator Staff Member

    36,915
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,438
    Local Time:
    9:30 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Yeah. Will be good to see TLS 1.3 usage pick up :D Just need for some anti-virus/malware scanning software who inspect HTTPS traffic to get updated to support TLS 1.3 properly :)
     
  9. bassie

    bassie Well-Known Member

    1,017
    243
    63
    Apr 29, 2016
    Ratings:
    +722
    Local Time:
    12:30 PM
    Could you test the latest Chrome Beta with your TLS 1.3 (test) site?
    Centminmod is using OpenSSL 1.1.1 with TLS 1.3 final.

    I am very curious about your results.
    tHANKS,
     
  10. eva2000

    eva2000 Administrator Staff Member

    36,915
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,438
    Local Time:
    9:30 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    don't use chrome beta only chrome stable and chrome canary 71 :)
     
  11. bassie

    bassie Well-Known Member

    1,017
    243
    63
    Apr 29, 2016
    Ratings:
    +722
    Local Time:
    12:30 PM
    You could use Chrome 70 portable if thats the problem.
    What about Chrome 71? Working fine with OpenSSL 1.1.1. tls 1.3 based sites out of the box?
     
  12. eva2000

    eva2000 Administrator Staff Member

    36,915
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,438
    Local Time:
    9:30 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yeah Chrome Canary 71 working fine for Centmin Mod Nginx 1.15.5 + OpenSSL 1.1.1 TLS 1.3 or BoringSSL TLS 1.3 :)
     
  13. Mastergumble

    Mastergumble Premium Member Premium Member

    35
    5
    8
    Sep 29, 2016
    Ratings:
    +12
    Local Time:
    11:30 AM
    1.11.x
    10.x
     
    • Informative Informative x 1
  14. eva2000

    eva2000 Administrator Staff Member

    36,915
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,438
    Local Time:
    9:30 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    yeah but that references TLS 1.3 drafts as well as rfc final.
     
  15. rdan

    rdan Premium Member Premium Member

    4,369
    1,053
    113
    May 25, 2014
    Ratings:
    +1,524
    Local Time:
    7:30 PM
    Mainline
    10.2
    Google Chrome is up to date
    Version 70.0.3538.67 (Official Build) (64-bit)
     
  16. bassie

    bassie Well-Known Member

    1,017
    243
    63
    Apr 29, 2016
    Ratings:
    +722
    Local Time:
    12:30 PM
    Chrome 70 released.

    I am curious about your test results.
     
    • Like Like x 1
  17. eva2000

    eva2000 Administrator Staff Member

    36,915
    8,074
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,438
    Local Time:
    9:30 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    looks good to me Centmin Mod Nginx 1.15.5 + OpenSSL 1.1.1 TLS 1.3 enabled

    chrome70-tls1.3-rfc-final-centminmod-nginx-1.15.5-openssl-1.1.1-01.png

    chrome70-ssllabs-tls1.3-01.png
     
  18. bassie

    bassie Well-Known Member

    1,017
    243
    63
    Apr 29, 2016
    Ratings:
    +722
    Local Time:
    12:30 PM
    As Chrome 70 stable is released.

    It seemed to me as a BoringSSL user a good idea to test Chrome 70 with TLS 1.3 RFC support and a Nginx based OpenSSL 1.1.1 with TLS 1.3 RFC, test site.

    The Chrome 70 default setting is TLS 1.3 Draft 23, Draft 28 and final enabled.
    Test site used TLS 1.3 (Final) without changing changing anything.
    TLS settings are not touched.

    Conclusion.
    Site seems to be running fine.

    Chrome 70 final version is 70.0.3538.67
    OpenSSL 1.1.1 final
    Nginx 1.15.4 and 1.15.5
     
    • Like Like x 1
  19. bassie

    bassie Well-Known Member

    1,017
    243
    63
    Apr 29, 2016
    Ratings:
    +722
    Local Time:
    12:30 PM
    @eva2000 fortunately, something has changed since 70.0.3538.54 (latest beta) to 70.0.3538.67 (final).
    As TLS 1.3 seems to work as it should with the final bits.
     
    • Like Like x 1
  20. Revenge

    Revenge Active Member

    426
    87
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +317
    Local Time:
    11:30 AM
    1.9.x
    10.1.x
    I use the beta version and its 70.0.3538.67.
     
..