[openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

Jakob Bohm jb-openssl at wisemo.com
Tue Sep 18 07:16:11 UTC 2018

On 15/09/2018 10:46, Kurt Roeckx wrote:
> On Thu, Sep 13, 2018 at 08:13:41PM +0200, Jakob Bohm wrote:
>> On 13/09/2018 09:57, Klaus Keppler wrote:
>>> Hi,
>>> thank you for all your responses.
>>> I've just tested with Firefox Nightly 64.0a1, and both s_server and our
>>> own app (using OpenSSL 1.1.1-release) are working fine.
>>> The Firefox website is quite confusing:
>>>> Firefox 61 is already shipping draft-28, which is essentially the same as the final published version (just with a different version number).
>>> (https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/)
>>> This is quite confusing, as it sounds better than it actually is.
>>> (so I've just learned that draft-28 is obviously incompatible with RFC8446)
>>> So thank you for your input, will now continue with OpenSSL 1.1.1.
>>> The rest will be only a matter of time. :D
>>> Best regards
>>>      -Klaus
>> Would it be reasonable for 1.1.1a to add a transitional "bugs" bit (to be
>> removed again in a few years) to accept the draft version number of final
>> TLS 1.3, if the protocols are otherwise identical?
> Draft versions really should die as soon as possible. If we ever put
> it in a released version, it will still be in use in 10 years,
> which really isn't something we want.
> On the other hand, in a few weeks browsers will stop using those
> draft versions, so I really don't see the point.
My point was about the likelihood of last-draft browsers lingering
on in the real world for some time (like 1 to 3 years) after the
TLS1.3-final browser versions ship.  The inspiration was the report
that facebook had done this on their own servers, presumably based
on their massive metrics of real world browsers.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list