TLS 1.3

Which version is expected to support TLS 1.3?
  • On 11-01-2018 5:46 PM, ScorpionSting wrote:
    >
    > Which version is expected to support TLS 1.3?
    >
    >


    TLS 1.3 is still in draft, and on the OpenSSL website it states that 1.1.1 (the version that will support TLS 1.3) won't be released until 1.3 is no
    longer in draft. Given all this, and that NAM relies on OpenSSL, it's probably a better question for the people that draft up the standard; ask them
    first when they think it'll be an official standard rather than a draft.

    --
    Cheers,
    Edward
  • Other critical components also include Java, which is in the same boat;
    all products are waiting on ratification of the standard before
    implementing it fully. While some software has implemented TLS 1.3 in
    anticipation of completion, some have also backed out of making it a default
    because of problems found. Start with the final spec, then products can
    implement, then products depending on those products (NAM depending on
    Java or openssl, etc.) can implement.


    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.
  • Might be in draft, but support is already available in browsers and some CDN services are offering it too (e.g. CloudFlare)...

    While Java would also require code to cope, I see the main component being the MAG's Apache module (/openssl), and previous release cycles have made this a very very very slow process... from the moment openssl x.x.x supports technology y, for it to get into the SUSE OS, then climb its way through the maze of "downstream repositories"... it's a very long time... and really isn't suitable for everyone being security conscious these days.
  • I would agree with that security conscious view with the deprecation of
    bad things, which has been the vast majority of concerns over the past
    five years, but this is about something new. The bulk of problems in the
    past have been with the need to obsolete old ciphersuites, even TLS and
    SSL versions, and at the same time support things after TLS 1.0 while on
    SLES 11, which had openssl 0.9.8 and never supported anything newer than
    TLS 1.0. Adding new support is not as critical to security folks, maybe
    even non-preferred, because new functionality is more likely to have bugs
    that will be exploited (e.g. Heartbleed) compared to old, tried, trusted,
    stable code.

    Anyway, doing anything before it is ratified seems premature to me.

    --
    Good luck.

  • On 12-01-2018 7:52 AM, ab wrote:
    > I would agree with that security conscious view with the deprecation of
    > bad things, which has been the vast majority of concerns over the past
    > five years, but this is about something new. The bulk of problems in the
    > past have been with the need to obsolete old ciphersuites, even TLS and
    > SSL versions, and at the same time support things after TLS 1.0 while on
    > SLES 11, which had openssl 0.9.8 and never supported anything newer than
    > TLS 1.0. Adding new support is not as critical to security folks, maybe
    > even non-preferred, because new functionality is more likely to have bugs
    > that will be exploited (e.g. Heartbleed) compared to old, tried, trusted,
    > stable code.
    >
    > Anyway, doing anything before it is ratified seems premature to me.
    >

    1

    --
    Cheers,
    Edward
  • Hi.

    Is there any new update about this?

    kr

    Grega