Discover Centmin Mod today
Register Now

Cloudflare SSL TLS 1.3 explained by the Cloudflare Crypto Team at 33c3

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Feb 3, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    50,891
    11,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,246
    Local Time:
    7:35 AM
    Nginx 1.25.x
    MariaDB 10.x
    The Cloudflare talk introduces TLS 1.3 and explains how it works in technical detail, why it is faster and more secure, and touches on its history and current status.



    Unfortunately, OpenSSL and LibreSSL haven't implemented TLS 1.3 yet so not working with Nginx HTTPS yet.


    Some info on OpenSSL's TLS 1.3 plans in OpenSSL 1.1.1 https://community.centminmod.com/threads/openssl-and-tls-1-3-next.9286/
     
  2. BamaStangGuy

    BamaStangGuy Active Member

    668
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    3:35 PM
    I love that company. Looking forward to seeing what else they do.
     
  3. eva2000

    eva2000 Administrator Staff Member

    50,891
    11,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,246
    Local Time:
    7:35 AM
    Nginx 1.25.x
    MariaDB 10.x
    Yes Cloudflare's innovation is amazing as to what they bring to the table for web performance and web security. I can imagine, they're eating into complementary competitor's bottom line a lot i.e. CDNs and smaller anti-DDOS/waf providers and not to mention hold off users' server hardware vertical upgrade paths till a lot later !
     
  4. buik

    buik “The best traveler is one without a camera.”

    1,914
    498
    83
    Apr 29, 2016
    Flanders
    Ratings:
    +1,603
    Local Time:
    10:35 PM
    Even though it was already released in OpenSSL and could work on Nginx. Which of course is not.
    It is quite useless ATM as it is not enabled by default on browsers like Chrome stable (stable 56 with tls 1.3 support) etc.

    BoringSSL does have version 1.3 but, you need to patch the code to enable 1.3.
     
  5. buik

    buik “The best traveler is one without a camera.”

    1,914
    498
    83
    Apr 29, 2016
    Flanders
    Ratings:
    +1,603
    Local Time:
    10:35 PM
    I have done some testing with BoringSSL but it actually makes no sense. Apart from the above is, 1.3 is still draft.
     
  6. eva2000

    eva2000 Administrator Staff Member

    50,891
    11,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,246
    Local Time:
    7:35 AM
    Nginx 1.25.x
    MariaDB 10.x
    Well TLS 1.3 ain't perfect yet - Chrome browser connections hanging up on TLS 1.3 connections 694593 - BlueCoat and other proxies hang up during TLS 1.3 - chromium - Monorail

     
  7. eva2000

    eva2000 Administrator Staff Member

    50,891
    11,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,246
    Local Time:
    7:35 AM
    Nginx 1.25.x
    MariaDB 10.x