On Sunday, 29 April 2018 12:43:26 CEST Kurt Roeckx wrote: > The upcomming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS > 1.3 brings a lot of changes that might cause incompatibility. For > an overview see https://wiki.openssl.org/index.php/TLS1.3 > > We are considering if we should enable TLS 1.3 by default or not, > or when it should be enabled. For that, we would like to know how > applications behave with the latest beta release. > > When testing this, it's important that both sides of the > connection support the same TLS 1.3 draft version. OpenSSL > currently implements draft 26. We would like to see tests > for OpenSSL acting as client and server. > > https://github.com/tlswg/tls13-spec/wiki/Implementations lists > other TLS 1.3 implementations and the draft they currently > support. Note that the versions listed there might not be for the > latest release. It also lists some https test servers. > > We would really like to see a diverse set of applictions being > tested. Please report any results you have to us. We are moving forward with the TLS 1.3 support in tlsfuzzer and early results with OpenSSL look good. We do have a lot more sketched out than actually done though: https:// github.com/tomato42/tlsfuzzer/projects/1 (in total about 170 different scenarios are planned with just 12 implemented). -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
