OpenSSL OpenSSL 1.1.1 TLS 1.3 Nearly Here

eva2000 · Aug 16, 2018

So close according to OpenSSL github mirror commits Update code for the final RFC version of TLSv1.3 (RFC8446) · openssl/openssl@35e742e. TLS1.3 - OpenSSLWiki

@bassie shame you moved to BoringSSL or are you moving back to OpenSSL 1.1.1 once final version is released ?

Testing Nginx master branch 1.15.3 + OpenSSL 1.1.1 master branch build on Centmin Mod 123.09beta01 (without HPACK patch)

nginx -V
nginx version: nginx/1.15.3 (150818-210849)
built by gcc 7.3.1 20180303 (Red Hat 7.3.1-5) (GCC)
built with OpenSSL 1.1.1-dev xx XXX xxxx
TLS SNI support enabled
configure arguments: --with-ld-opt='-L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-I/usr/local/include -m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -gsplit-dwarf' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=150818-210849 --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.4.2 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.61 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-dynamic-module=../headers-more-nginx-module-0.33 --with-pcre=../pcre-8.42 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module --with-http_v2_module --with-openssl=../openssl-tls1.3 --with-openssl-opt='enable-ec_nistp_64_gcc_128 enable-tls1_3'
Click to expand...

FYI, seems Cloudflare HPACK patch fails with OpenSSL 1.1.1 master. Patch isn't enabled by default, unless you set NGINX_HPACK='y' in persistent config set with /etc/centminmod/custom_config.inc prior to Nginx recompiles via centmin.sh menu option 4. So will need to update my HPACK patch routines to detect for this and disable HPACK patch automatically. Edit: updated Centmin Mod 123.09beta01 code so will automatically set NGINX_HPACK='n' when OpenSSL 1.1.1 compiled Nginx is detected during centmin.sh menu option 4 runs.
Code (Text):
ccache gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I/usr/local/include -m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -Wno-error=strict-aliasing -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting  -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -gsplit-dwarf -Wno-deprecated-declarations -DNDK_SET_VAR -DNDK_UPSTREAM_LIST -I src/core -I src/event -I src/event/modules -I src/os/unix -I /usr/local/include -I ../ngx_devel_kit-0.3.0/objs -I objs/addon/ndk -I ../ngx_devel_kit-0.3.0/src -I ../ngx_devel_kit-0.3.0/objs -I objs/addon/ndk -I ../pcre-8.42 -I ../openssl-tls1.3/.openssl/include -I ../zlib-cloudflare-1.3.0 -I objs -I src/http -I src/http/modules -I src/http/v2 -I ../ngx_devel_kit-0.3.0/src \
        -o objs/src/http/modules/ngx_http_index_module.o \
        src/http/modules/ngx_http_index_module.c
src/http/v2/ngx_http_v2.c: In function ‘ngx_http_v2_state_settings_params’:
src/http/v2/ngx_http_v2.c:2083:9: error: duplicate case value
         case NGX_HTTP_V2_HEADER_TABLE_SIZE_SETTING:
         ^~~~
src/http/v2/ngx_http_v2.c:2078:9: note: previously used here
         case NGX_HTTP_V2_HEADER_TABLE_SIZE_SETTING:
         ^~~~
make[1]: *** [objs/src/http/v2/ngx_http_v2.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: Leaving directory `/svr-setup/nginx-master'
make: *** [build] Error 2

buik · Aug 16, 2018

eva2000 said: ↑

@bassie shame you moved to BoringSSL or are you moving back to OpenSSL 1.1.1 once final version is released ?
Click to expand...

shame? why?

eva2000 · Aug 16, 2018

bassie said: ↑

shame? why?
Click to expand...

The grass is always greener on the 'other' side Yeah shame might not be the right word though

buik · Aug 16, 2018

eva2000 said: ↑

The grass is always greener on the 'other' side Yeah shame might not be the right word though
Click to expand...

Perhaps the OpenSSL team can look each other in the mirror looking for their own identity.
Not for nothing that Google, Cloudflare, OpenBSD, Facebook and Dropbox (have read that somewhere) have switched to BoringSSL, Fizz, LibreSSL or equivalent.

But as always never say never again......

eva2000 · Aug 16, 2018

Quick OpenSSL RSA 2048 and ECDSA benchmarks for OpenSSL 1.1.0i with/without Cloudflare ECDSA performance patch vs OpenSSL 1.1.1 master branch build on Intel Xeon E3 1270v1 16GB 240GB SSD dedicated server with CentOS 7.5 64bit and Centmin Mod 123.09beta01. Looks like latest OpenSSL 1.1.1 master branch code lost the Cloudflare ECDSA patch performance which I tested was there in OpenSSL 1.1.1-pre1 ?

openssl 1.1.0i before ECDSA patch

Code (Text):

/opt/openssl/bin/openssl speed -multi 8 rsa2048 ecdsap256

OpenSSL 1.1.0i  14 Aug 2018
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/openssl\"" -DENGINESDIR="\"/opt/openssl/lib/engines-1.1\""  -Wa,--noexecstack
                 sign    verify    sign/s verify/s
rsa 2048 bits 0.000270s 0.000008s   3710.0 127752.2
                             sign    verify    sign/s verify/s
 256 bit ecdsa (nistp256)   0.0000s   0.0000s  86956.5  34483.7

openssl 1.1.0i after ECDSA patch

Code (Text):

/opt/openssl/bin/openssl speed -multi 8 rsa2048 ecdsap256

OpenSSL 1.1.0i  14 Aug 2018
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/openssl\"" -DENGINESDIR="\"/opt/openssl/lib/engines-1.1\""  -Wa,--noexecstack
                 sign    verify    sign/s verify/s
rsa 2048 bits 0.000270s 0.000008s   3696.9 128008.2
                             sign    verify    sign/s verify/s
 256 bit ecdsa (nistp256)   0.0000s   0.0000s 121212.1  37736.7

openssl 1.1.1 older tls1.3-draft-18 branch

Code (Text):

/opt/openssl-tls1.3/bin/openssl speed -multi 8 rsa2048 ecdsap256

OpenSSL 1.1.1-dev  xx XXX xxxx
built on: reproducible build, date unspecified
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: ccache gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/opt/openssl-tls1.3\"" -DENGINESDIR="\"/opt/openssl-tls1.3/lib/engines-1.1\""  -Wa,--noexecstack
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.000269s 0.000008s   3710.6 127429.3
                              sign    verify    sign/s verify/s
 256 bit ecdsa (nistp256)   0.0000s   0.0000s  84342.7  33439.4

tested openssl 1.1.1-pre2 too

Code (Text):

/opt/openssl/bin/openssl speed -multi 8 rsa2048 ecdsap256

OpenSSL 1.1.1-pre2 (alpha) 27 Feb 2018
built on: Wed Aug 15 22:12:03 2018 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: ccache gcc -Wall -O3 -pthread -m64 -Wa,--noexecstack -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSL_USE_NODELETE -DL_ENDIAN
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.000270s 0.000008s   3706.6 127548.8
                              sign    verify    sign/s verify/s
 256 bit ecdsa (nistp256)   0.0000s   0.0000s 112018.1  37743.6

tested openssl 1.1.1-pre8 too - even slower ECDSA

Code (Text):

/opt/openssl/bin/openssl speed -multi 8 rsa2048 ecdsap256

OpenSSL 1.1.1-pre8 (beta) 20 Jun 2018
built on: Wed Aug 15 22:06:15 2018 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: ccache gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.000270s 0.000008s   3709.9 127268.6
                              sign    verify    sign/s verify/s
 256 bits ecdsa (nistp256)   0.0000s   0.0000s  60036.2  37857.1

Add CentOS 7.5 system OpenSSL 1.0.2k results too

Code (Text):

openssl speed -multi 8 rsa2048 ecdsap256

OpenSSL 1.0.2k-fips  26 Jan 2017
built on: reproducible build, date unspecified
options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.000268s 0.000008s   3727.0 128008.2
                              sign    verify    sign/s verify/s
 256 bit ecdsa (nistp256)   0.0000s   0.0000s  89762.8  34821.1

Add LibreSSL 2.7.4

Code (Text):

/opt/libressl/bin/openssl speed -multi 8 rsa2048 ecdsap256

LibreSSL 2.7.4
built on: date not available
options:bn(64,64) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx)
compiler: information not available
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.000300s 0.000016s   3328.5  64131.1
                              sign    verify    sign/s verify/s
 256 bit ecdsa (nistp256)   0.0000s   0.0001s  33773.2   9121.5

Update i mistakenly hard coded my OpenSSL 1.1.1 master to tls1.3-draft-18 branch which is much older so that is where the ECDSA regression was. So retested within latest OpenSSL 1.1.1 master and updated below results

Code (Text):

/opt/openssl-tls1.3/bin/openssl speed -multi 8 rsa2048 ecdsap256

OpenSSL 1.1.1-pre9-dev  xx XXX xxxx
built on: Fri Aug 17 19:03:16 2018 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: ccache gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.000270s 0.000008s   3706.3 127931.8
                              sign    verify    sign/s verify/s
 256 bits ecdsa (nistp256)   0.0000s   0.0000s 128299.2  37842.9

OpenSSL benchmarks	rsa 2048 signs/s	rsa 2048 verify/s	ecdsa 256bit signs/s	ecdsa 256bit verify/s
LibreSSL 2.7.4	3328.5	64131.1	33773.2	9121.5
OpenSSL 1.0.2k system	3727.0	128008.2	89762.8	34821.1
OpenSSL 1.1.0i before ECDSA patch	3710.0	127752.2	86956.5	34483.7
OpenSSL 1.1.0i after ECDSA patch	3696.9	128008.2	121212.1	37736.7
OpenSSL 1.1.1-pre2	3706.6	127548.8	112018.1	37743.6
OpenSSL 1.1.1-pre8	3709.9	127268.6	60036.2	37857.1
OpenSSL 1.1.1 tls1.3-draft-18 branch	3710.6	127429.3	84342.7	33439.4
OpenSSL 1.1.1 master (August 18, 2018)	3706.3	127931.8	128299.2	37842.9

Seems the later OpenSSL 1.1.1 builds lost the ECDSA performance improvements from the Cloudflare ECDSA patch which was originally commited in this pull request ec/ecp_nistz256.c: improve ECDSA sign by 30-40%. by dot-asm · Pull Request #5001 · openssl/openssl ?

eva2000 · Aug 16, 2018

bassie said: ↑

Perhaps the OpenSSL team can look each other in the mirror looking for their own identity.
Not for nothing that Google, Cloudflare, OpenBSD, Facebook and Dropbox (have read that somewhere) have switched to BoringSSL, Fizz, LibreSSL or equivalent.

But as always never say never again......
Click to expand...

Yeah many options out there... though LibreSSL ECDSA performance lagging way behind OpenSSL 1.1 and BoringSSL

buik · Aug 16, 2018

eva2000 said: ↑

Yeah many options out there... though LibreSSL ECDSA performance lagging way behind OpenSSL 1.1 and BoringSSL
Click to expand...

Yes, instead of removing old compatibility code and weak code from OpenSSL releases and release it under own brand, they maintain an old OpenSSL version and build up their own functions. This way you will lag behind hopelessly. LibreSSL is doomed to fail.

eva2000 · Aug 16, 2018

Yup was curious so added system OpenSSL 1.0.2k and LibreSSL 2.7.4 benchmarks to above post here. LibreSSL RSA 2048 and ECDSA performance is 1/3 to 1/2 performance of OpenSSL !

buik · Aug 16, 2018

eva2000 said: ↑

Yup was curious so added system OpenSSL 1.0.2k and LibreSSL 2.7.4 benchmarks to above post here. LibreSSL RSA 2048 and ECDSA performance is 1/3 to 1/2 performance of OpenSSL !
Click to expand...

There is absolutely no reason to use LibreSSL rather than using it with OpenBSD.

eva2000 · Aug 16, 2018

eva2000 said: ↑

FYI, seems Cloudflare HPACK patch fails with OpenSSL 1.1.1 master. Patch isn't enabled by default, unless you set NGINX_HPACK='y' in persistent config set with /etc/centminmod/custom_config.inc prior to Nginx recompiles via centmin.sh menu option 4. So will need to update my HPACK patch routines to detect for this and disable HPACK patch automatically. Edit: updated Centmin Mod 123.09beta01 code so will automatically set NGINX_HPACK='n' when OpenSSL 1.1.1 compiled Nginx is detected during centmin.sh menu option 4 runs.
Click to expand...

seems HPACK patch problem wasn't OpenSSL 1.1.1 but with Nginx 1.15.3 master branch due to probably the changes for boringssl. OpenSSL 1.1.1 + Nginx 1.15.2 were fine with Cloudflare HPACK patch - so the patch needs an update for Nginx 1.15.3 compatibility

nginx -V
nginx version: nginx/1.15.2 (160818-065012)
built by gcc 7.3.1 20180303 (Red Hat 7.3.1-5) (GCC)
built with OpenSSL 1.1.1-dev xx XXX xxxx
TLS SNI support enabled
configure arguments: --with-ld-opt='-L/usr/local/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/lib' --with-cc-opt='-I/usr/local/include -m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -Wno-error=strict-aliasing -fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations -gsplit-dwarf' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=160818-065012 --with-compat --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream=dynamic --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.4.2 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.61 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18 --add-module=../srcache-nginx-module-0.31 --add-dynamic-module=../headers-more-nginx-module-0.33 --with-pcre=../pcre-8.42 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module --with-http_v2_module --with-http_v2_hpack_enc --with-openssl=../openssl-tls1.3 --with-openssl-opt='enable-ec_nistp_64_gcc_128 enable-tls1_3'
Click to expand...

eva2000 · Aug 16, 2018

fixed Nginx 1.15.3 HPACK patch compatibility with update in 123.09beta01 at Beta Branch - add Nginx 1.15.3 supported Cloudflare HPACK patch

eva2000 · Aug 18, 2018

Update i mistakenly hard coded my OpenSSL 1.1.1 master to tls1.3-draft-18 branch which is much older so that is where the ECDSA regression was. So retested within latest OpenSSL 1.1.1 master and updated below results
Code (Text):
/opt/openssl-tls1.3/bin/openssl speed -multi 8 rsa2048 ecdsap256

OpenSSL 1.1.1-pre9-dev  xx XXX xxxx
built on: Fri Aug 17 19:03:16 2018 UTC
options:bn(64,64) rc4(16x,int) des(int) aes(partial) idea(int) blowfish(ptr)
compiler: ccache gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.000270s 0.000008s   3706.3 127931.8
                              sign    verify    sign/s verify/s
 256 bits ecdsa (nistp256)   0.0000s   0.0000s 128299.2  37842.9
OpenSSL benchmarks rsa 2048 signs/s rsa 2048 verify/s ecdsa 256bit signs/s ecdsa 256bit verify/s

LibreSSL 2.7.4 3328.5 64131.1 33773.2 9121.5

OpenSSL 1.0.2k system 3727.0 128008.2 89762.8 34821.1

OpenSSL 1.1.0i before ECDSA patch 3710.0 127752.2 86956.5 34483.7

OpenSSL 1.1.0i after ECDSA patch 3696.9 128008.2 121212.1 37736.7

OpenSSL 1.1.1-pre2 3706.6 127548.8 112018.1 37743.6

OpenSSL 1.1.1-pre8 3709.9 127268.6 60036.2 37857.1

OpenSSL 1.1.1 tls1.3-draft-18 branch 3710.6 127429.3 84342.7 33439.4

OpenSSL 1.1.1 master (August 18, 2018) 3706.3 127931.8 128299.2 37842.9

eva2000 · Aug 24, 2018

Google chrome/blink group discussing adding final TLS 1.3 version and interesting notes Google Groups

There is one detail in the final RFC that could not be tested in draft versions. TLS 1.3 adds an anti-downgrade security measure, based on the server random field. This strengthens the existing anti-downgrade protections in the protocol. There is no breakage risk for users connecting to servers directly, nor for users behind a TLS-terminating middlebox (such as an antivirus or some enterprise middleware products), provided the middlebox correctly implemented prior TLS versions.

However, we are aware of an issue with Cisco Firepower firewalls. In some configurations, these firewalls copy server randoms when terminating TLS, rather than generating fresh values as required by TLS 1.0 through 1.2. Users behind such firewalls will experience connection failures with TLS-1.3-capable servers. We informed Cisco of this in December of last year. They plan on releasing a fix next week. We will implement a dedicated error code for this case in Chrome to aid diagnosis.
Click to expand...

You are correct on the importance of downgrade protection in TLS. Without it, security improvements in new versions of TLS are meaningless. Indeed, TLS 1.3 would have shipped two years ago were it not for our insistence that we be able to ship it with downgrade protection. (As is the standard for other TLS changes.)

Fortunately, turning off this anti-downgrade signal would not leave TLS 1.3 unprotected. TLS already inherits the existing downgrade protection mechanism based on the Finished check. We spent a lot of effort so that TLS 1.3 could be deployed without the old insecure fallback dance we'd worked so hard to fix. It cost a delay, but our draft version deployments showed the work paid off. TLS 1.3 is deployable without an insecure fallback!

Still, the Finished check is not ideal. TLS 1.2's ServerKeyExchange signs only the randoms, rather than the entire transcript, so we are dependent on more of the TLS 1.2 handshake for downgrade protection. This mistake elevated FREAK and LogJam from academic curiosities to practical attacks. We cannot retroactively change TLS 1.2, nor will we have any hope of removing it for a very very long time, so TLS 1.3 adds the additional server-random signal. This is basically a hack around one of the few places TLS 1.2 did think to sign. (Note, however, that it too reduces to the Finished hash verification in the presence of RSA decryption cipher suites. Sadly, those are also not practical to remove right now. Many sites rely on them, despite their many known flaws.)

Thus, yes, this server-random signal is an important part of TLS 1.3 and we do intend to deploy it. However, the reality is that Cisco Firepower devices failed to correctly implement TLS 1.2, and did so in a way that breaks this. It is a shame that the fix was not released months ago when we reported the issue, but so it goes. I'm hopeful that folks can update their broken devices and we can get this change to stick.
Click to expand...

So TLS 1.3 was delayed by the work on TLS 1.3 downgrade protections it seems and that TLS 1.3 is best used with ECDSA SSL certificates and ssl ciphers.

upgrade81 · Sep 9, 2018

Hello can you please kindly tell me the steps you need to do to enable tls 1.3? on centminmod beta.

eva2000 · Sep 9, 2018

2 ways outlined at Centmin Mod Nginx HTTP/2 HTTPS TLS 1.3 Support one with OpenSSL 1.1.1 developer/beta not ready for production or via BoringSSL with native TLS 1.3

eva2000 · Sep 12, 2018

OpenSSL 1.1.1 is finally out OpenSSL - OpenSSL 1.1.1 Released with TLS 1.3 Support

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

OpenSSL OpenSSL 1.1.1 TLS 1.3 Nearly Here

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

upgrade81 Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

OpenSSL OpenSSL 1.1.1 TLS 1.3 Nearly Here

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

buik “The best traveler is one without a camera.”

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

upgrade81 Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.