[openssl-project] When to enable TLS 1.3

Kurt Roeckx kurt at roeckx.be
Sat Apr 21 19:45:30 UTC 2018


On Sat, Apr 21, 2018 at 02:45:34PM -0400, Viktor Dukhovni wrote:
> 
> 
> > On Apr 21, 2018, at 2:42 PM, Kurt Roeckx <kurt at roeckx.be> wrote:
> > 
> > Here is some attempt:
> > 
> > The upcomming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS
> > 1.3 brings a lot of changes that might cause incompatibility. For
> > an overview see https://wiki.openssl.org/index.php/TLS1.3
> 
> Should the Wiki mention the observed SNI issue?

It's really a change in other libraries, but since it can cause
issues, feel free to add it.

> > We are considering if we should enable TLS 1.3 by default or not,
> > or when it should be enabled. For that, we would like to know how
> > applications behave with the current version.
> 
> It is perhaps unclear in the last sentence what "the current version"
> means.

So: with the latest beta release?


Kurt



More information about the openssl-project mailing list