[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Call for testing openssl TLS 1.3 support


The upcomming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS
1.3 brings a lot of changes that might cause incompatibility. For
an overview see https://wiki.openssl.org/index.php/TLS1.3

The upstream OpenSSL team is considering if TLS 1.3 should be enabled
by default or not, or when it should be enabled. For that, they would
like to know how applications behave with the latest beta release.

When testing this, it's important that both sides of the
connection support the same TLS 1.3 draft version. OpenSSL
currently implements draft 26. It would be useful to have tests
for OpenSSL acting as client and server.

https://github.com/tlswg/tls13-spec/wiki/Implementations lists
other TLS 1.3 implementations and the draft they currently
support. Note that the versions listed there might not be for the
latest release. It also lists some https test servers.

It would be useful to hve a diverse set of applictions being
tested. Please report any results you have.

I have uploaded 1.1.1-pre6 to experimental. You need to upgrade
libssl1.1 to the version from experimental to test things.

The version in experimental also defaults to a minimum version
of TLS 1.2, and has changed the default security level from 1 to 2.
Both options can be changed in the /etc/ssl/openssl.cnf file, which
is part of the openssl package.


Attachment: signature.asc
Description: PGP signature

Reply to: