Join the community today
Register Now

Cloudflare SSL TLS 1.3 explained by the Cloudflare Crypto Team at 33c3

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Feb 3, 2017.

  1. eva2000

    eva2000 Administrator Staff Member

    47,474
    10,760
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,718
    Local Time:
    12:33 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    The Cloudflare talk introduces TLS 1.3 and explains how it works in technical detail, why it is faster and more secure, and touches on its history and current status.




    Unfortunately, OpenSSL and LibreSSL haven't implemented TLS 1.3 yet so not working with Nginx HTTPS yet.

    Some info on OpenSSL's TLS 1.3 plans in OpenSSL 1.1.1 https://community.centminmod.com/threads/openssl-and-tls-1-3-next.9286/
     
  2. BamaStangGuy

    BamaStangGuy Premium Member Premium Member

    657
    189
    43
    May 25, 2014
    Ratings:
    +265
    Local Time:
    8:33 AM
    I love that company. Looking forward to seeing what else they do.
     
  3. eva2000

    eva2000 Administrator Staff Member

    47,474
    10,760
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,718
    Local Time:
    12:33 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Yes Cloudflare's innovation is amazing as to what they bring to the table for web performance and web security. I can imagine, they're eating into complementary competitor's bottom line a lot i.e. CDNs and smaller anti-DDOS/waf providers and not to mention hold off users' server hardware vertical upgrade paths till a lot later !
     
  4. buik

    buik “The best traveler is one without a camera.” Premium Member

    1,452
    394
    83
    Apr 29, 2016
    Flanders
    Ratings:
    +1,235
    Local Time:
    3:33 PM
    Even though it was already released in OpenSSL and could work on Nginx. Which of course is not.
    It is quite useless ATM as it is not enabled by default on browsers like Chrome stable (stable 56 with tls 1.3 support) etc.

    BoringSSL does have version 1.3 but, you need to patch the code to enable 1.3.
     
  5. buik

    buik “The best traveler is one without a camera.” Premium Member

    1,452
    394
    83
    Apr 29, 2016
    Flanders
    Ratings:
    +1,235
    Local Time:
    3:33 PM
    I have done some testing with BoringSSL but it actually makes no sense. Apart from the above is, 1.3 is still draft.
     
  6. eva2000

    eva2000 Administrator Staff Member

    47,474
    10,760
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,718
    Local Time:
    12:33 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Well TLS 1.3 ain't perfect yet - Chrome browser connections hanging up on TLS 1.3 connections 694593 - BlueCoat and other proxies hang up during TLS 1.3 - chromium - Monorail

     
  7. eva2000

    eva2000 Administrator Staff Member

    47,474
    10,760
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,718
    Local Time:
    12:33 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x