[openssl-users] openssl 1.0.2 and TLS 1.3

Matt Caswell matt at openssl.org
Tue Sep 11 14:01:38 UTC 2018



On 11/09/18 14:58, The Doctor wrote:
> On Tue, Sep 11, 2018 at 09:31:23AM +0100, Matt Caswell wrote:
>>
>>
>> On 11/09/18 09:05, Dr. Matthias St. Pierre wrote:
>>>> Von: openssl-users <openssl-users-bounces at openssl.org> Im Auftrag von The Doctor
>>>> Gesendet: Dienstag, 11. September 2018 08:49
>>>> An: openssl-users at openssl.org; openssl-dev at openssl.org
>>>> Betreff: [openssl-users] openssl 1.0.2 and TLS 1.3
>>>>
>>>> Will that combination occur?
>>>
>>> Support for TLS 1.3 is a new feature in OpenSSL 1.1.1 which will be released today.
>>> OpenSSL 1.0.2 is an LTS release which will only receive security updates and no new
>>> features.
>>
>> Strictly speaking 1.0.2 will receive bug fixes and security fixes until
>> the end of this year. From the end of this year until the end of 2019 it
>> will receive security fixes only. In any case it will receive no new
>> features (including TLSv1.3).
>>
>> >From the release of 1.1.1 (today), 1.1.0 will receive security fixes
>> only for one year.
>>
>> Matt
>>
>>
> 
> Got you.
> 
> So Openssh, NTPd, MOd_pagespeed have to adopt OPEnssl 1.1X API
> in order to use TLS 1.3 .

Yes. I would encourage *all* applications still on the 1.0.x API to move
to 1.1.1 asap. By the end of next year there will be no supported
OpenSSL version that has the old API.


Matt

> 
>>
>>>
>>> HTH,
>>> Matthias
>>>
>>> See also
>>> https://wiki.openssl.org/index.php/TLS1.3
>>> https://www.openssl.org/policies/releasestrat.html
>>>
>>>
>>>
>> -- 
>> openssl-users mailing list
>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> 


More information about the openssl-users mailing list