[Gt-eos] TLS 1.3
Frank Scheiner
scheiner at hlrs.de
Thu May 24 19:02:06 CEST 2018
Hi Mischa, Mattias, others,
On 05/24/2018 02:56 PM, Mischa Salle wrote:
> Most is summarized in a wiki https://wiki.openssl.org/index.php/TLS1.3
> They also say there that 1.1.1 is not being released before TLS1.3 is
> actually released (currently still in draft:
> https://tools.ietf.org/html/draft-ietf-tls-tls13-28)
That's important information, so currently not even the TLSv1.3 draft
is finished, hence the current implementation in OpenSSL 1.1.1
"pre-releases" is also not final.
For now could it not also be possible to link to OpenSSL 1.1.1 and still
limit usage of TLS to TLSv1.2?
Because the wiki article says below "Ciphersuites":
```
[...]
OpenSSL has implemented support for five TLSv1.3 ciphersuites as follows:
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
[...]
By default the first three of the above ciphersuites are enabled by
default. This means that if you have no explicit ciphersuite
configuration then you will automatically use those three and will be
able to negotiate TLSv1.3.
[...]
```
...so it looks to me like it defaults to TLSv1.3, but maybe this can be
changed by a switch or an option.
And if I understand the following note from [1] correctly:
```
Note that at this stage only TLSv1.3 is supported. DTLSv1.3 is still in
the early days of specification and there is no OpenSSL support for it
at this time.
```
...there is also currently no TLSv1.3 equivalent for UDT (i.e. no DTLSv1.3).
[1]:
https://wiki.openssl.org/index.php/TLS1.3#Differences_with_TLS1.2_and_below
Cheers,
Frank
--
Frank Scheiner
High Performance Computing Center Stuttgart (HLRS)
Department Project User Management & Accounting
Email: scheiner at hlrs.de
Phone: +49 711 685 68039
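Added example, not part of the original message: one way to check the question raised above (build against OpenSSL 1.1.1 but stay on TLSv1.2) using Python's `ssl` module, which wraps OpenSSL. It caps the context at TLSv1.2 and parses the resulting ClientHello to confirm TLS 1.3 is no longer offered. The function names and the `example.invalid` hostname are assumptions made for this illustration, and it assumes a Python build linked against OpenSSL 1.1.1 or later.

```python
import ssl
import struct

EXT_SUPPORTED_VERSIONS = 43  # RFC 8446, section 4.2.1


def build_client_hello(cap_at_tls12: bool) -> bytes:
    """Return the raw ClientHello record OpenSSL emits for this configuration."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cap_at_tls12:
        # Same effect as SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION) in C.
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: there is no peer, only the first flight is wanted
    return outgoing.read()


def offered_versions(record: bytes) -> list:
    """Parse a ClientHello record and list the protocol versions it offers."""
    if record[0] != 22 or record[5] != 1:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4                                          # record + handshake headers
    legacy_version = struct.unpack_from("!H", record, pos)[0]
    pos += 2 + 32                                        # legacy_version + random
    pos += 1 + record[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
    pos += 1 + record[pos]                               # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos < end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == EXT_SUPPORTED_VERSIONS:
            count = record[pos] // 2                     # list length is in bytes
            return list(struct.unpack_from("!%dH" % count, record, pos + 1))
        pos += ext_len
    return [legacy_version]  # no extension present: TLS 1.2 or lower only


def client_hello_versions(cap_at_tls12: bool) -> list:
    return offered_versions(build_client_hello(cap_at_tls12))


if __name__ == "__main__":
    print(client_hello_versions(False), client_hello_versions(True))
```

Version 0x0304 is TLS 1.3 and 0x0303 is TLS 1.2; the capped context should report only the latter.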