s_server -www -tls1_3: Firefox/Chrome not working

classic Classic list List threaded Threaded
24 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: s_server -www -tls1_3: Firefox/Chrome not working

Kurt Roeckx
On Tue, Sep 18, 2018 at 05:11:42PM +0000, Salz, Rich via openssl-users wrote:
> >    My point was about the likelihood of last-draft browsers lingering
>     on in the real world for some time (like 1 to 3 years) after the
>     TLS1.3-final browser versions ship.
>
> I do not think this is a concern.  Chrome and FF auto-update and get almost full coverage within a month or two, for example.  Edge hasn't shipped TLS 1.3 yet. Safari encourages auto-update.  That's most of the browser market.

I think chrome and firefox cover all browsers that ever enabled a
draft version.


Kurt

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: s_server -www -tls1_3: Firefox/Chrome not working

Jakob Bohm-7
In reply to this post by OpenSSL - User mailing list
On 18/09/2018 19:11, Salz, Rich via openssl-users wrote:
>>     My point was about the likelihood of last-draft browsers lingering
>      on in the real world for some time (like 1 to 3 years) after the
>      TLS1.3-final browser versions ship.
>
> I do not think this is a concern.  Chrome and FF auto-update and get almost full coverage within a month or two, for example.  Edge hasn't shipped TLS 1.3 yet. Safari encourages auto-update.  That's most of the browser market.
While I have already accepted the infeasibility of adding this to
OpenSSL, I will have to emphasize that your argument has a serious
flaw:

The users who delay or block automatic updates tend to greatly overlap
with the users who actively block remote telemetry of their update
habits, thus skewing such statistics of "get almost full coverage within
a month or two".


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: s_server -www -tls1_3: Firefox/Chrome not working

OpenSSL - User mailing list
>    The users who delay or block automatic updates tend to greatly overlap
    with the users who actively block remote telemetry of their update
    habits, thus skewing such statistics of "get almost full coverage within
    a month or two".
 
But not downloads. :)

Shrug.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: s_server -www -tls1_3: Firefox/Chrome not working

Juan Isoza
In reply to this post by Viktor Dukhovni
I suppose Facebook reports 50% because their mobile apps uses their SSL library Fizz with Tls 1.3


I'm curious seeing your telemetry info now. Chrome 70 was released last week, and FireFox 63 today, with TLS 1.3 support

regards

Le mer. 12 sept. 2018 à 16:41, Viktor Dukhovni <[hidden email]> a écrit :


> On Sep 12, 2018, at 10:20 AM, Benjamin Kaduk via openssl-users <[hidden email]> wrote:
>
> IIUC, only Firefox nightly as of approximately today will support the final
> RFC 8446 version; I haven't looked into Chrome yet.

From the Firefox TLS 1.3 blog entry:

https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/

What Now?

TLS 1.3 is already widely deployed: both Firefox and Chrome have fielded “draft” versions. Firefox 61 is already shipping draft-28, which is essentially the same as the final published version (just with a different version number). We expect to ship the final version in Firefox 63, scheduled for October 2018. Cloudflare, Google, and Facebook are running it on their servers today. Our telemetry shows that around 5% of Firefox connections are TLS 1.3. Cloudflare reports similar numbers, and Facebook reports that an astounding 50+% of their traffic is already TLS 1.3!

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
12