[openssl-users] Call for testing TLS 1.3
Matt Caswell
matt at openssl.org
Mon Apr 30 21:41:25 UTC 2018
On 30/04/18 21:55, Dennis Clarke wrote:
> On 30/04/18 03:48 PM, Salz, Rich via openssl-users wrote:
>> I think that makes a very strong argument that TLS 1.3 should be
>> enabled by default if it all possible.
>
>
> Question would be "why would it not be?"
TLSv1.3 behaves differently to TLSv1.2. Applications written with
TLSv1.2 in mind might not work as expected when TLSv1.3 is negotiated.
Some of the issues that might be encountered are here:
https://wiki.openssl.org/index.php/TLS1.3
We have already seen a handful of issues. For example in this one an
application has implemented a PSK callback. Due to the way PSK works in
TLSv1.3 the callback can get called earlier in the process than in
TLSv1.2. Suddenly in the presence of TLSv1.3 this particular application
callback has started to crash (we don't know why yet):
https://github.com/openssl/openssl/issues/6110
Matt
More information about the openssl-users
mailing list