[Discuss] [GCT] TLS v1.3 is here!
Frank Scheiner
scheiner at hlrs.de
Thu May 20 18:04:15 CEST 2021
Dear community,
well, it's already in the GCT master branch for a while, but we haven't
yet communicated it explicitly. So here it is:
We are pleased to announce that the GCT with [PR#150] now also supports
TLS v1.3!
\o/ \o/ \o/
[PR#150]: https://github.com/gridcf/gct/pull/150
Credits and compliments go to Mattias Ellert who made this possible.
****
This is already tested to work with GridFTP (server and clients
(`globus-url-copy` **and** `uberftp`) on openSUSE Leap 15.2). Fallback
to TLS v1.2 with clients that can't do TLS v1.3 did also work during
testing. The new functionality is available since "globus-gssapi-gsi"
v14.15 and "globus-gss-assist" v12.5.
Ready-made RPM packages for testing including these changes are
available for:
* SUSE from [1] (choose distribution and then "Add repository and
install manually")
* CentOS 8 from [2] ("Add repository and install manually")
[1]:
https://software.opensuse.org//download.html?project=home%3Afrank_scheiner%3Agct%3Amaster&package=globus-common
[2]:
https://software.opensuse.org//download.html?project=home%3Afrank_scheiner%3Agct-epel-8&package=globus-gss-assist
The RPM source for CentOS 8 only provides the updated
"globus-gssapi-gsi" and "globus-gss-assist" packages and you should be
able to just enable this RPM source on top of your existing RPM sources
and to issue a `yum update` to allow for TLS v1.3.
For CentOS and Scientific Linux 7 it's more complex, as existing GCT
packages are linked against OpenSSL 1.0.x. So for CentOS and Scientific
Linux 7 at least all GCT packages linked against OpenSSL 1.0.x need to
be rebuilt and linked against OpenSSL 1.1.x. If you need TLS v1.3 on
CentOS or Scientific Linux 7, we can look into enabling this for
testing. Just let us know.
Best regards,
The GridCF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2837 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.egi.eu/pipermail/discuss/attachments/20210520/ed0feffa/attachment.p7s>
More information about the discuss
mailing list