support TLSv1.3 ciphersuites #4769
Labels
Comments
Closed
|
@eloquence @zenmonkeykstop: I consider that now that securedrop is based on Focal and hosts specific different configurations for Focal and Bionic we could easily add this support without impacting the Bionic release. I'm going to prepare a pull request based on the latest codebase |
conorsch
added a commit
that referenced
this issue
Aug 2, 2021
Add support for support TLSv1.3 ciphersuites as for #4769
|
This was done in #5988 (thanks, @evilaliv3! :). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
In #4725, @evilaliv3 correctly pointed out that we should add support for TLSv1.3 and that we need to manually add the ciphersuites since we explicitly list them in
securedrop_app_https_ssl_ciphers(role-level variable in theappAnsible role).The version of openssl included in Ubuntu Xenial does not yet support TLSv1.3 (it's 1.0.2) and version 1.1.1 or later is required for TLSv1.3. However, Bionic does provide 1.1.1, so if we support Bionic (cc #4768) we'll be able to conditionally add TLSv1.3 support.
The text was updated successfully, but these errors were encountered: