[openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

Kurt Roeckx kurt at roeckx.be
Sat Sep 15 08:46:01 UTC 2018


On Thu, Sep 13, 2018 at 08:13:41PM +0200, Jakob Bohm wrote:
> On 13/09/2018 09:57, Klaus Keppler wrote:
> > Hi,
> > 
> > thank you for all your responses.
> > 
> > I've just tested with Firefox Nightly 64.0a1, and both s_server and our
> > own app (using OpenSSL 1.1.1-release) are working fine.
> > 
> > The Firefox website is quite confusing:
> > 
> > > Firefox 61 is already shipping draft-28, which is essentially the same as the final published version (just with a different version number).
> > (https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/)
> > 
> > This is quite confusing, as it sounds better than it actually is.
> > (so I've just learned that draft-28 is obviously incompatible with RFC8446)
> > 
> > So thank you for your input, will now continue with OpenSSL 1.1.1.
> > The rest will be only a matter of time. :D
> > 
> > Best regards
> > 
> >     -Klaus
> Would it be reasonable for 1.1.1a to add a transitional "bugs" bit (to be
> removed again in a few years) to accept the draft version number of final
> TLS 1.3, if the protocols are otherwise identical?

Draft versions really should die as soon as possible. If we ever put
it in a released version, it will still be in use in 10 years,
which really isn't something we want.

On the other hand, in a few weeks browsers will stop using those
draft versions, so I really don't see the point.


Kurt
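An added example, not part of the original posts: a small diagnostic that reads the supported_versions extension from a ClientHello and reports whether a server forced to final TLS 1.3 (as with `s_server -tls1_3`) shares a version with the client. It assumes the draft encoding from the TLS 1.3 drafts (0x7f00 | draft number, so draft-28 is 0x7f1c), which is not stated in the thread; the function names and the sample ClientHello are constructed for illustration.

```python
import struct

TLS13_FINAL = 0x0304           # version number assigned in RFC 8446
EXT_SUPPORTED_VERSIONS = 43    # extension type carrying the client's version list
NAMES = {0x0304: "TLS 1.3 (RFC 8446)", 0x0303: "TLS 1.2", 0x0302: "TLS 1.1"}

def offered_versions(hello):
    """Return the supported_versions list of a ClientHello body (handshake header stripped)."""
    pos = 2 + 32                                          # legacy_version + random
    pos += 1 + hello[pos]                                 # legacy_session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]    # cipher_suites
    pos += 1 + hello[pos]                                 # legacy_compression_methods
    end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    if end > len(hello):
        raise ValueError("truncated ClientHello")
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        pos += 4
        if ext_type == EXT_SUPPORTED_VERSIONS:
            body = hello[pos:pos + ext_len]
            if not body or body[0] != len(body) - 1 or body[0] % 2:
                raise ValueError("malformed supported_versions")
            return list(struct.unpack("!%dH" % (body[0] // 2), body[1:]))
        pos += ext_len
    return []                                             # extension absent

def describe(version):
    if version >> 8 == 0x7F:                              # drafts used 0x7f00 | draft number
        return "TLS 1.3 draft-%d" % (version & 0xFF)
    return NAMES.get(version, "unknown 0x%04x" % version)

def final_tls13_possible(hello):
    """True if a server that only accepts final TLS 1.3 shares a version with this client."""
    return TLS13_FINAL in offered_versions(hello)

def build_hello(versions):
    """Constructed minimal ClientHello body, for the demo only."""
    sv = b"".join(struct.pack("!H", v) for v in versions)
    ext = struct.pack("!HHB", EXT_SUPPORTED_VERSIONS, len(sv) + 1, len(sv)) + sv
    return (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)

if __name__ == "__main__":
    for label, versions in (("draft-28 client", [0x7F1C, 0x0303]),
                            ("RFC 8446 client", [0x0304, 0x0303])):
        hello = build_hello(versions)
        print(label, [describe(v) for v in offered_versions(hello)],
              "final TLS 1.3 possible:", final_tls13_possible(hello))
```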


