On 15/09/2018 10:46, Kurt Roeckx wrote:
On Thu, Sep 13, 2018 at 08:13:41PM +0200, Jakob Bohm wrote:
On 13/09/2018 09:57, Klaus Keppler wrote:
Hi,
thank you for all your responses.
I've just tested with Firefox Nightly 64.0a1, and both s_server and our
own app (using OpenSSL 1.1.1-release) are working fine.
The Firefox website is quite confusing:
Firefox 61 is already shipping draft-28, which is essentially the same as the final published version (just with a different version number).
(https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/)
This is quite confusing, as it sounds better than it actually is.
(so I've just learned that draft-28 is obviously incompatible with RFC8446)
So thank you for your input, will now continue with OpenSSL 1.1.1.
The rest will be only a matter of time. :D
Best regards
-Klaus
Would it be reasonable for 1.1.1a to add a transitional "bugs" bit (to be
removed again in a few years) to accept the draft version number of final
TLS 1.3, if the protocols are otherwise identical?
Draft versions really should die as soon as possible. If we ever put
it in a released version, it will still be in use in 10 years,
which really isn't something we want.
On the other hand, in a few weeks browsers will stop using those
draft versions, so I really don't see the point.
My point was about the likelihood of last-draft browsers lingering
on in the real world for some time (like 1 to 3 years) after the
TLS1.3-final browser versions ship. The inspiration was the report
that facebook had done this on their own servers, presumably based
on their massive metrics of real world browsers.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
