[openssl-users] Call for testing TLS 1.3

Hubert Kario hkario at redhat.com
Mon Jun 18 20:40:11 UTC 2018

On Sunday, 29 April 2018 12:43:26 CEST Kurt Roeckx wrote:
> The upcomming OpenSSL 1.1.1 release will have TLS 1.3 support. TLS
> 1.3 brings a lot of changes that might cause incompatibility. For
> an overview see https://wiki.openssl.org/index.php/TLS1.3
> We are considering if we should enable TLS 1.3 by default or not,
> or when it should be enabled. For that, we would like to know how
> applications behave with the latest beta release.
> When testing this, it's important that both sides of the
> connection support the same TLS 1.3 draft version. OpenSSL
> currently implements draft 26. We would like to see tests
> for OpenSSL acting as client and server.
> https://github.com/tlswg/tls13-spec/wiki/Implementations lists
> other TLS 1.3 implementations and the draft they currently
> support. Note that the versions listed there might not be for the
> latest release. It also lists some https test servers.
> We would really like to see a diverse set of applictions being
> tested. Please report any results you have to us.

We are moving forward with the TLS 1.3 support in tlsfuzzer and early results 
with OpenSSL look good.

We do have a lot more sketched out than actually done though: https://
github.com/tomato42/tlsfuzzer/projects/1 (in total about 170 different 
scenarios are planned with just 12 implemented).
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180618/3e7aa6f0/attachment.sig>

More information about the openssl-users mailing list