[openssl-users] TLS 1.3 compatibility issues with OpenSSL 1.1.1 prereleases, please stop using them

Hanno Böck hanno at hboeck.de
Tue Oct 16 08:34:16 UTC 2018


tl;dr If you use OpenSSL 1.1.1_pre* versions please update to the final
version as soon as possible.

Not sure if this has been discussed here before, but I'd like to point
out a mail David Benjamin has recently sent to the TLS WG list:

Particularly he talks about issues the Chrome team had with deploying
TLS 1.3. One of the issues affects OpenSSL prereleases.

Some early versions of OpenSSL 1.1.1 (-pre6 and earlier) would allow
connections from TLS 1.3 clients, but they would try to do a connection
with a Draft TLS 1.3 version with a client that uses the final TLS 1.3
version. This obviously fails.

Long story short: If you happen to use such an OpenSSL pre version
you'll likely have connection issues as more and more software will
support TLS 1.3. So please update as soon as possible.

Hanno Böck

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

More information about the openssl-users mailing list