Discover Centmin Mod today
Register Now

Cloudflare SSL TLS 1.3 explained by the Cloudflare Crypto Team at 33c3

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Feb 3, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    30,934
    6,911
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,407
    Local Time:
    12:35 PM
    Nginx 1.13.x
    MariaDB 5.5
    The Cloudflare talk introduces TLS 1.3 and explains how it works in technical detail, why it is faster and more secure, and touches on its history and current status.



    Unfortunately, OpenSSL and LibreSSL haven't implemented TLS 1.3 yet so not working with Nginx HTTPS yet.

    Some info on OpenSSL's TLS 1.3 plans in OpenSSL 1.1.1 https://community.centminmod.com/threads/openssl-and-tls-1-3-next.9286/
     
  2. BamaStangGuy

    BamaStangGuy Active Member

    475
    137
    43
    May 25, 2014
    Ratings:
    +181
    Local Time:
    8:35 PM
    I love that company. Looking forward to seeing what else they do.
     
  3. eva2000

    eva2000 Administrator Staff Member

    30,934
    6,911
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,407
    Local Time:
    12:35 PM
    Nginx 1.13.x
    MariaDB 5.5
    Yes Cloudflare's innovation is amazing as to what they bring to the table for web performance and web security. I can imagine, they're eating into complementary competitor's bottom line a lot i.e. CDNs and smaller anti-DDOS/waf providers and not to mention hold off users' server hardware vertical upgrade paths till a lot later !
     
    • Agree Agree x 1
  4. bassie

    bassie Active Member

    564
    123
    43
    Apr 29, 2016
    Ratings:
    +372
    Local Time:
    3:35 AM
    Even though it was already released in OpenSSL and could work on Nginx. Which of course is not.
    It is quite useless ATM as it is not enabled by default on browsers like Chrome stable (stable 56 with tls 1.3 support) etc.

    BoringSSL does have version 1.3 but, you need to patch the code to enable 1.3.
     
    • Informative Informative x 1
  5. bassie

    bassie Active Member

    564
    123
    43
    Apr 29, 2016
    Ratings:
    +372
    Local Time:
    3:35 AM
    I have done some testing with BoringSSL but it actually makes no sense. Apart from the above is, 1.3 is still draft.
     
  6. eva2000

    eva2000 Administrator Staff Member

    30,934
    6,911
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,407
    Local Time:
    12:35 PM
    Nginx 1.13.x
    MariaDB 5.5
    Well TLS 1.3 ain't perfect yet - Chrome browser connections hanging up on TLS 1.3 connections 694593 - BlueCoat and other proxies hang up during TLS 1.3 - chromium - Monorail

     
  7. eva2000

    eva2000 Administrator Staff Member

    30,934
    6,911
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,407
    Local Time:
    12:35 PM
    Nginx 1.13.x
    MariaDB 5.5