Hi, The upcomming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS 1.3 brings a lot of changes that might cause incompatibility. For an overview see https://wiki.openssl.org/index.php/TLS1.3 The upstream OpenSSL team is considering if TLS 1.3 should be enabled by default or not, or when it should be enabled. For that, they would like to know how applications behave with the latest beta release. When testing this, it's important that both sides of the connection support the same TLS 1.3 draft version. OpenSSL currently implements draft 26. It would be useful to have tests for OpenSSL acting as client and server. https://github.com/tlswg/tls13-spec/wiki/Implementations lists other TLS 1.3 implementations and the draft they currently support. Note that the versions listed there might not be for the latest release. It also lists some https test servers. It would be useful to hve a diverse set of applictions being tested. Please report any results you have. I have uploaded 1.1.1-pre6 to experimental. You need to upgrade libssl1.1 to the version from experimental to test things. The version in experimental also defaults to a minimum version of TLS 1.2, and has changed the default security level from 1 to 2. Both options can be changed in the /etc/ssl/openssl.cnf file, which is part of the openssl package. Kurt
Attachment:
signature.asc
Description: PGP signature