Want to subscribe to topics you're interested in?
Become a Member

Cloudflare SSL TLS 1.3 explained by the Cloudflare Crypto Team at 33c3

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Feb 3, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    9:19 AM
    Nginx 1.13.x
    MariaDB 5.5
    The Cloudflare talk introduces TLS 1.3 and explains how it works in technical detail, why it is faster and more secure, and touches on its history and current status.



    Unfortunately, OpenSSL and LibreSSL haven't implemented TLS 1.3 yet so not working with Nginx HTTPS yet.

    Some info on OpenSSL's TLS 1.3 plans in OpenSSL 1.1.1 https://community.centminmod.com/threads/openssl-and-tls-1-3-next.9286/
     
  2. BamaStangGuy

    BamaStangGuy Active Member

    470
    137
    43
    May 25, 2014
    Ratings:
    +180
    Local Time:
    6:19 PM
    I love that company. Looking forward to seeing what else they do.
     
  3. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    9:19 AM
    Nginx 1.13.x
    MariaDB 5.5
    Yes Cloudflare's innovation is amazing as to what they bring to the table for web performance and web security. I can imagine, they're eating into complementary competitor's bottom line a lot i.e. CDNs and smaller anti-DDOS/waf providers and not to mention hold off users' server hardware vertical upgrade paths till a lot later !
     
    • Agree Agree x 1
  4. bassie

    bassie Active Member

    535
    116
    43
    Apr 29, 2016
    Ratings:
    +348
    Local Time:
    1:19 AM
    Even though it was already released in OpenSSL and could work on Nginx. Which of course is not.
    It is quite useless ATM as it is not enabled by default on browsers like Chrome stable (stable 56 with tls 1.3 support) etc.

    BoringSSL does have version 1.3 but, you need to patch the code to enable 1.3.
     
    • Informative Informative x 1
  5. bassie

    bassie Active Member

    535
    116
    43
    Apr 29, 2016
    Ratings:
    +348
    Local Time:
    1:19 AM
    I have done some testing with BoringSSL but it actually makes no sense. Apart from the above is, 1.3 is still draft.
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    9:19 AM
    Nginx 1.13.x
    MariaDB 5.5
    Well TLS 1.3 ain't perfect yet - Chrome browser connections hanging up on TLS 1.3 connections 694593 - BlueCoat and other proxies hang up during TLS 1.3 - chromium - Monorail

     
  7. eva2000

    eva2000 Administrator Staff Member

    30,168
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,138
    Local Time:
    9:19 AM
    Nginx 1.13.x
    MariaDB 5.5