Announcement

**R41N3R** · 12 September 2018, 04:25 AM

Now I guess that apache needs an update as well to work with TLSv1.3...

**treba** · 12 September 2018, 04:38 AM

I really hope ubuntu 18.04 gets this update. Normally they don't like bumping the version, but sometimes they do and in this case, there's every reason to do so

**carewolf** · 12 September 2018, 05:09 AM

Originally posted by FireBurn View Post

FireFox and Chromium both use NSS for TLS 1.3

No, Chromium only uses NSS for certificate verification, and then only on Linux. it uses their own branch of OpenSSL called boringSSL for TLS.

**eva2000** · 12 September 2018, 06:07 AM

Originally posted by carewolf View Post

No, Chromium only uses NSS for certificate verification, and then only on Linux. it uses their own branch of OpenSSL called boringSSL for TLS.

Yup Google uses BoringSSL fork of OpenSSL https://boringssl.googlesource.com/boringssl/

I glad OpenSSL 1.1.1 is out now so I can compile my Nginx builds to support TLS 1.3 via either OpenSSL 1.1.1 or BoringSSL. FYI, OpenSSL 1.1.1 has up to 50% better ECDSA performance than OpenSSL 1.1.0 branch and up to 380+ % faster ECDSA performance than LibreSSL 2.7 !

**F.Ultra** · 12 September 2018, 04:49 PM

Originally posted by Flaburgan View Post

Isn't Ubuntu using libressl?

Nope, of the bigger Linux distributions I would say that Alpine is the only one that jumped on that hype train. LibreSSL is a royal pain since they copied the OpenSSL API from version 0x1000107fL while defining OPENSSL_VERSION_NUMBER as 0x20000000... Whoever made that decision should hand in their developer card.

**Azrael5** · 12 September 2018, 04:53 PM

Originally posted by pal666 View Post

openssl is a library, chromium and firefox are library users. firefox has its own crypto lib, i have no idea about chromium

so what's the benefit of openssl? I assume that the user who have an own site can take benefit from OPENSSL.

**cybertraveler** · 12 September 2018, 07:15 PM

Originally posted by F.Ultra View Post

Nope, of the bigger Linux distributions I would say that Alpine is the only one that jumped on that hype train. LibreSSL is a royal pain since they copied the OpenSSL API from version 0x1000107fL while defining OPENSSL_VERSION_NUMBER as 0x20000000... Whoever made that decision should hand in their developer card.

If libressl is designed to operate as a drop in replacement for OpenSSL for apps that only use the OpenSSL features provded by LibreSSL, then what you have described sounds like a bug and a bug report should be filed to fix it.

**pal666** · 12 September 2018, 10:34 PM

Originally posted by Azrael5 View Post

so what's the benefit of openssl?

it's library implementing ssl/tls and crypto. there are others. you can use openssl in you code or you can use other library. maybe openssl is the only opensource one with fips certification

**FireBurn** · 13 September 2018, 02:12 AM

Originally posted by R41N3R View Post

Now I guess that apache needs an update as well to work with TLSv1.3...

I've compiled it myself from https://github.com/apache/httpd/tree/tlsv1.3-for-2.4.x against OpenSSL 1.1.1 - I'm still a bit flumixed by how to configure it

**Flaburgan** · 13 September 2018, 03:19 AM

Originally posted by F.Ultra View Post

Nope, of the bigger Linux distributions I would say that Alpine is the only one that jumped on that hype train.

Hm, in Linux Mint 18.3 based on Ubuntu 16.04 I had trouble installing the last Linux 4.17 kernel with ukuu it failed because a package had a dependency to at least libressl1.1 and it wasn't available. I found it weird especially because it was a Linux point release. I supposed 16.04 were stuck with libressl 1.0. Although now that I explain it, nothing in this story says libressl was installed nor used by default.

Announcement

OpenSSL 1.1.1 Released With TLS 1.3 Support, Better Fends Off Side-Channel Attacks

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment