[openssl-users] s_server -www -tls1_3: Firefox/Chrome not working
Jakob Bohm
jb-openssl at wisemo.com
Tue Sep 18 07:16:11 UTC 2018
On 15/09/2018 10:46, Kurt Roeckx wrote:
> On Thu, Sep 13, 2018 at 08:13:41PM +0200, Jakob Bohm wrote:
>> On 13/09/2018 09:57, Klaus Keppler wrote:
>>> Hi,
>>>
>>> thank you for all your responses.
>>>
>>> I've just tested with Firefox Nightly 64.0a1, and both s_server and our
>>> own app (using OpenSSL 1.1.1-release) are working fine.
>>>
>>> The Firefox website is quite confusing:
>>>
>>>> Firefox 61 is already shipping draft-28, which is essentially the same as the final published version (just with a different version number).
>>> (https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/)
>>>
>>> This is quite confusing, as it sounds better than it actually is.
>>> (so I've just learned that draft-28 is obviously incompatible with RFC8446)
>>>
>>> So thank you for your input, will now continue with OpenSSL 1.1.1.
>>> The rest will be only a matter of time. :D
>>>
>>> Best regards
>>>
>>> -Klaus
>> Would it be reasonable for 1.1.1a to add a transitional "bugs" bit (to be
>> removed again in a few years) to accept the draft version number of final
>> TLS 1.3, if the protocols are otherwise identical?
> Draft versions really should die as soon as possible. If we ever put
> it in a released version, it will still be in use in 10 years,
> which really isn't something we want.
>
> On the other hand, in a few weeks browsers will stop using those
> draft versions, so I really don't see the point.
My point was about the likelihood of last-draft browsers lingering
on in the real world for some time (like 1 to 3 years) after the
TLS1.3-final browser versions ship. The inspiration was the report
that facebook had done this on their own servers, presumably based
on their massive metrics of real world browsers.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list