TLS 1.3 compatibility issues with OpenSSL 1.1.1 prereleases, please stop using them

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

TLS 1.3 compatibility issues with OpenSSL 1.1.1 prereleases, please stop using them

Hanno Böck-4
Hi,

tl;dr If you use OpenSSL 1.1.1_pre* versions please update to the final
version as soon as possible.

Not sure if this has been discussed here before, but I'd like to point
out a mail David Benjamin has recently sent to the TLS WG list:
https://www.ietf.org/mail-archive/web/tls/current/msg27066.html

Particularly he talks about issues the Chrome team had with deploying
TLS 1.3. One of the issues affects OpenSSL prereleases.

Some early versions of OpenSSL 1.1.1 (-pre6 and earlier) would allow
connections from TLS 1.3 clients, but they would try to do a connection
with a Draft TLS 1.3 version with a client that uses the final TLS 1.3
version. This obviously fails.

Long story short: If you happen to use such an OpenSSL pre version
you'll likely have connection issues as more and more software will
support TLS 1.3. So please update as soon as possible.

--
Hanno Böck
https://hboeck.de/

mail/jabber: [hidden email]
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users