[openssl-users] TLS 1.3 compatibility issues with OpenSSL 1.1.1 prereleases, please stop using them

Hanno Böck hanno at hboeck.de
Tue Oct 16 08:34:16 UTC 2018


Hi,

tl;dr If you use OpenSSL 1.1.1_pre* versions please update to the final
version as soon as possible.

Not sure if this has been discussed here before, but I'd like to point
out a mail David Benjamin has recently sent to the TLS WG list:
https://www.ietf.org/mail-archive/web/tls/current/msg27066.html

Particularly he talks about issues the Chrome team had with deploying
TLS 1.3. One of the issues affects OpenSSL prereleases.

Some early versions of OpenSSL 1.1.1 (-pre6 and earlier) would allow
connections from TLS 1.3 clients, but they would try to do a connection
with a Draft TLS 1.3 version with a client that uses the final TLS 1.3
version. This obviously fails.

Long story short: If you happen to use such an OpenSSL pre version
you'll likely have connection issues as more and more software will
support TLS 1.3. So please update as soon as possible.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42


More information about the openssl-users mailing list