Welcome to Centmin Mod Community
Register Now

OpenSSL OpenSSL 1.1.1 and Chrome 70 with TLS 1.3 RFC support

Discussion in 'CentOS, Redhat & Oracle Linux News' started by buik, Oct 16, 2018.

  1. buik

    buik Well-Known Member

    1,197
    320
    83
    Apr 29, 2016
    Ratings:
    +939
    Local Time:
    7:37 AM
    As Chrome 70 stable is around the corner.

    It seemed to me as a BoringSSL user a good idea to test Chrome 70 with TLS 1.3 RFC support and a Nginx based OpenSSL 1.1.1 with TLS 1.3 RFC, test site.

    The Chrome 70 default setting is TLS 1.3 Draft 23, Draft 28 and final enabled.
    Problem is that any test site is using TLS 1.2 unless chrome://flags TLS 1.3 is set from default (as seen above) to Enabled (Final).

    Chrome version is 70.0.3538.54
    OpenSSL 1.1.1 final
    Nginx 1.15.4 and 1.15.5

    Does anyone recognize this behavior?
     
  2. eva2000

    eva2000 Administrator Staff Member

    41,748
    9,398
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,443
    Local Time:
    3:37 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    You using Chrome 70 beta ? Maybe Chrome 70 final will be different ?
     
  3. buik

    buik Well-Known Member

    1,197
    320
    83
    Apr 29, 2016
    Ratings:
    +939
    Local Time:
    7:37 AM
    As the release is today. It seems to me that nothing, little has changed.
    That is why I am looking for experiences from others?
     
  4. eva2000

    eva2000 Administrator Staff Member

    41,748
    9,398
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,443
    Local Time:
    3:37 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Is it today.. my Chrome 69 hasn't got any updates for 70 yet so not released yet for stable version.
     
  5. buik

    buik Well-Known Member

    1,197
    320
    83
    Apr 29, 2016
    Ratings:
    +939
    Local Time:
    7:37 AM
    That is correct: Stable in 0 day ( Oct 16 )
    Chrome 70 should be released in the matter of hours.
     
  6. eva2000

    eva2000 Administrator Staff Member

    41,748
    9,398
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,443
    Local Time:
    3:37 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    usually it's USA timezone which is still Oct 15th AFAIK.
     
  7. buik

    buik Well-Known Member

    1,197
    320
    83
    Apr 29, 2016
    Ratings:
    +939
    Local Time:
    7:37 AM
    Yup but as Google has offices all over the US continent and the world.
    If 16 is the day without release blocker bugs. And looking at previous releases. Chrome 70 should be launched within 19 hours.
     
    • Like Like x 1
  8. eva2000

    eva2000 Administrator Staff Member

    41,748
    9,398
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,443
    Local Time:
    3:37 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yeah. Will be good to see TLS 1.3 usage pick up :D Just need for some anti-virus/malware scanning software who inspect HTTPS traffic to get updated to support TLS 1.3 properly :)
     
  9. buik

    buik Well-Known Member

    1,197
    320
    83
    Apr 29, 2016
    Ratings:
    +939
    Local Time:
    7:37 AM
    Could you test the latest Chrome Beta with your TLS 1.3 (test) site?
    Centminmod is using OpenSSL 1.1.1 with TLS 1.3 final.

    I am very curious about your results.
    tHANKS,
     
  10. eva2000

    eva2000 Administrator Staff Member

    41,748
    9,398
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,443
    Local Time:
    3:37 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    don't use chrome beta only chrome stable and chrome canary 71 :)
     
  11. buik

    buik Well-Known Member

    1,197
    320
    83
    Apr 29, 2016
    Ratings:
    +939
    Local Time:
    7:37 AM
    You could use Chrome 70 portable if thats the problem.
    What about Chrome 71? Working fine with OpenSSL 1.1.1. tls 1.3 based sites out of the box?
     
  12. eva2000

    eva2000 Administrator Staff Member

    41,748
    9,398
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,443
    Local Time:
    3:37 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yeah Chrome Canary 71 working fine for Centmin Mod Nginx 1.15.5 + OpenSSL 1.1.1 TLS 1.3 or BoringSSL TLS 1.3 :)
     
  13. Mastergumble

    Mastergumble Member

    36
    6
    8
    Sep 29, 2016
    Ratings:
    +14
    Local Time:
    6:37 AM
    1.11.x
    10.x
     
    • Informative Informative x 1
  14. eva2000

    eva2000 Administrator Staff Member

    41,748
    9,398
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,443
    Local Time:
    3:37 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yeah but that references TLS 1.3 drafts as well as rfc final.
     
  15. rdan

    rdan Well-Known Member

    4,672
    1,122
    113
    May 25, 2014
    Ratings:
    +1,664
    Local Time:
    1:37 PM
    Mainline
    10.2
    Google Chrome is up to date
    Version 70.0.3538.67 (Official Build) (64-bit)
     
  16. buik

    buik Well-Known Member

    1,197
    320
    83
    Apr 29, 2016
    Ratings:
    +939
    Local Time:
    7:37 AM
    Chrome 70 released.

    I am curious about your test results.
     
    • Like Like x 1
  17. eva2000

    eva2000 Administrator Staff Member

    41,748
    9,398
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,443
    Local Time:
    3:37 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    looks good to me Centmin Mod Nginx 1.15.5 + OpenSSL 1.1.1 TLS 1.3 enabled

    chrome70-tls1.3-rfc-final-centminmod-nginx-1.15.5-openssl-1.1.1-01.png

    chrome70-ssllabs-tls1.3-01.png
     
  18. buik

    buik Well-Known Member

    1,197
    320
    83
    Apr 29, 2016
    Ratings:
    +939
    Local Time:
    7:37 AM
    As Chrome 70 stable is released.

    It seemed to me as a BoringSSL user a good idea to test Chrome 70 with TLS 1.3 RFC support and a Nginx based OpenSSL 1.1.1 with TLS 1.3 RFC, test site.

    The Chrome 70 default setting is TLS 1.3 Draft 23, Draft 28 and final enabled.
    Test site used TLS 1.3 (Final) without changing changing anything.
    TLS settings are not touched.

    Conclusion.
    Site seems to be running fine.

    Chrome 70 final version is 70.0.3538.67
    OpenSSL 1.1.1 final
    Nginx 1.15.4 and 1.15.5
     
    • Like Like x 1
  19. buik

    buik Well-Known Member

    1,197
    320
    83
    Apr 29, 2016
    Ratings:
    +939
    Local Time:
    7:37 AM
    @eva2000 fortunately, something has changed since 70.0.3538.54 (latest beta) to 70.0.3538.67 (final).
    As TLS 1.3 seems to work as it should with the final bits.
     
    • Like Like x 1
  20. Revenge

    Revenge Active Member

    443
    92
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +333
    Local Time:
    6:37 AM
    1.9.x
    10.1.x
    I use the beta version and its 70.0.3538.67.