[opensuse-factory] OpenSSL 1.1.1 with TLS 1.3 support is coming to Factory
Hi, The TLS 1.3 protocol was recently standardized and OpenSSL 1.1.1, which implements the new TLS standard, is now close to its release. The last 1.1.1 Beta (there will be no more betas but the official release) should enter Factory in a couple of days. OpenSSL 1.1.1 is API and ABI compatible with 1.1.0 which we already have in Factory, so everything should keep on working and the applications will be able to negotiate TLS 1.3 transparently. If you want to read more about the new OpenSSL version or the new TLS protocol here's a few interesting links: OpenSSL 1.1.1 release notes: https://www.openssl.org/news/openssl-1.1.1-notes.html Using TLS 1.3 with OpenSSL: https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/ TLS 1.3 at the OpenSSL wiki: https://wiki.openssl.org/index.php/TLS1.3 Overview of the TLS 1.3 protocol: https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/ The TLS 1.3 standard itself: https://tools.ietf.org/html/rfc8446 Vita -- Vítězslav Čížek Emergency Update Team (EMU) "Whilst you sleep, we're probably saving the universe." -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
El 24-08-2018 a las 7:41, Vitezslav Cizek escribió:
Hi, The TLS 1.3 protocol was recently standardized and OpenSSL 1.1.1, which implements the new TLS standard, is now close to its release.
The last 1.1.1 Beta (there will be no more betas but the official release) should enter Factory in a couple of days. OpenSSL 1.1.1 is API and ABI compatible with 1.1.0 which we already have in Factory, so everything should keep on working and the applications will be able to negotiate TLS 1.3 transparently.
Except those that call SSL_renegotiate() without checking protocol version is TLS <= 1.2.. which will fail.. I filled a bug report for the only component I have installed that calls this function, libevent https://github.com/libevent/libevent/issues/661 . I have not provided a patch yet tough. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (2)
-
Cristian Rodríguez
-
Vitezslav Cizek