
OpenSSL Using TLS1.3 With OpenSSL 1.1.1

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, Feb 14, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    OpenSSL folks have updated their blog with a new article, "Using TLS1.3 With OpenSSL - OpenSSL Blog", just in time for the first OpenSSL 1.1.1-pre1 alpha release :)

     
  2. eva2000

    eva2000 Administrator Staff Member

    What is SSL? (And why it’s time to upgrade to TLS 1.3)

     
  3. eva2000

    eva2000 Administrator Staff Member

    @bassie World celebrates, cyber-snoops cry as TLS 1.3 internet crypto approved

     
  4. Andy

    Andy Premium Member Premium Member

    How will this translate to us centmin users?
     
  5. eva2000

    eva2000 Administrator Staff Member

    Not much yet, as it needs browser support. Chrome 65 is at TLSv1.3 draft 23 support. OpenSSL 1.1.1 pre2 is at TLSv1.3 draft 23. OpenSSL 1.1.1 pre3 is at TLSv1.3 draft 26 and final TLSv1.3 is at draft 28.


    OpenSSL 1.1.1 development schedule /policies/releasestrat.html

    So you need to wait for OpenSSL 1.1.1 final on May 8th 2018 and see if that is TLSv1.3 draft 28. Then you need to see when web browsers update to support TLSv1.3 draft 28.

    Demo of Centmin Mod Nginx 1.13.10 + OpenSSL 1.1.1 pre2 with TLSv1.3 draft 23 supported by SSL Labs and Chrome 65 and Firefox 59: OpenSSL - OpenSSL 1.1.1 pre release 3 (beta) released

    SSL Server Test: http2.centminmod.com (Powered by Qualys SSL Labs)

    [Screenshots: SSL Labs test results, TLSv1.3 draft 23, Nginx 1.13.10 with OpenSSL 1.1.1 pre2]
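
An added example, not part of the original posts, showing why the draft numbers in the post above must match on both sides: TLS 1.3 drafts are advertised in the `supported_versions` extension as `0x7f00 | draft number`, so a draft 23 client and a draft 26 server share no TLS 1.3 version and settle on TLSv1.2. The ClientHello bytes and the server preference lists are constructed sample values, and the function names are hypothetical.

```python
import struct

TLS13_FINAL = 0x0304      # RFC 8446 final version code
DRAFT_PREFIX = 0x7F00     # drafts are advertised as 0x7f00 | draft number
LEGACY = {0x0303: "TLSv1.2", 0x0302: "TLSv1.1", 0x0301: "TLSv1.0"}

def version_name(code):
    """Human-readable name for a 2-byte TLS version code."""
    if code == TLS13_FINAL:
        return "TLSv1.3"
    if code & 0xFF00 == DRAFT_PREFIX:
        return "TLSv1.3 draft %d" % (code & 0xFF)
    return LEGACY.get(code, "unknown 0x%04x" % code)

def parse_client_supported_versions(body):
    """Parse a ClientHello supported_versions extension body:
    a 1-byte list length followed by 2-byte version codes."""
    if not body:
        raise ValueError("empty extension body")
    length = body[0]
    if length == 0 or length % 2 or length != len(body) - 1:
        raise ValueError("malformed supported_versions list")
    return list(struct.unpack("!%dH" % (length // 2), body[1:]))

def negotiate(client_body, server_versions):
    """Return the first version in the server's preference list that the
    client also offers, or None when there is no overlap."""
    offered = set(parse_client_supported_versions(client_body))
    for version in server_versions:
        if version in offered:
            return version
    return None

# Constructed sample: a client offering TLSv1.3 draft 23 and TLSv1.2.
CLIENT_DRAFT23 = bytes([0x04, 0x7F, 0x17, 0x03, 0x03])
# Constructed server preference lists for a draft 23 and a draft 26 build.
SERVER_DRAFT23 = [DRAFT_PREFIX | 23, 0x0303]
SERVER_DRAFT26 = [DRAFT_PREFIX | 26, 0x0303]

if __name__ == "__main__":
    for label, server in (("draft 23 server", SERVER_DRAFT23),
                          ("draft 26 server", SERVER_DRAFT26)):
        print(label, "->", version_name(negotiate(CLIENT_DRAFT23, server)))
```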
     
  6. bassie

    bassie Well-Known Member

    ...............could cause networking nightmares.
    Chanceless.
    And you do not think that until after 4 years as .ietf specialist?
    And then intended standard, at that time version 23. A few days before the deadline Heeelp!
     
    Last edited: Mar 24, 2018
  7. eva2000

    eva2000 Administrator Staff Member

    Yeah, the full range of implications of TLSv1.3 is still an unknown long term even if you're a specialist. The fact that not all web browsers have enabled TLSv1.3 also makes it hard to check. But I guess everyone just wants/wishes TLSv1.3 to work long term (ok not everyone i.e. financial sector etc).
     