Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for TLS 1.3 #228

Closed
kaze87 opened this issue Sep 22, 2016 · 32 comments
Closed

Add support for TLS 1.3 #228

kaze87 opened this issue Sep 22, 2016 · 32 comments
Labels

Comments

@kaze87
Copy link

@kaze87 kaze87 commented Sep 22, 2016

Will LibreSSL wait for OpenSSL to add TLS 1.3 support?
openssl/openssl#963

@4a6f656c
Copy link
Member

@4a6f656c 4a6f656c commented Sep 27, 2016

It will happen at some point, but there's currently no specific timeline.

@ThomasAlxDmy
Copy link

@ThomasAlxDmy ThomasAlxDmy commented Mar 4, 2017

+1 on that thread. Anyone has a timeline (or a rough estimation)?

@leonklingele
Copy link

@leonklingele leonklingele commented Mar 14, 2017

OpenSSL plans to ship TLS 1.3 in about three weeks (April 5): https://blogs.akamai.com/2017/01/tls-13-ftw.html

@4a6f656c
Copy link
Member

@4a6f656c 4a6f656c commented Apr 30, 2017

As noted in https://www.mail-archive.com/openssl-dev@openssl.org/msg46709.html, OpenSSL has code that is "available" rather than "released". That aside, TLSv1.3 is still a draft and is not yet standardised. Additionally, we are well aware of the draft implementations in BoringSSL and OpenSSL.

@unrelentingtech
Copy link

@unrelentingtech unrelentingtech commented Apr 30, 2017

Apparently nginx already supports 1.3 though?? Somehow

@leonklingele
Copy link

@leonklingele leonklingele commented Apr 30, 2017

nginx has only added support for TLS1.3 in the ssl_protocols directive. nginx/nginx@9a37eb3

@bob-beck
Copy link
Member

@bob-beck bob-beck commented May 1, 2017

You know, I am really thinking that those who are dying for a draft implementation of a not yet ratified standard could run code from other projects with a proven track record of draft quality implementations of not yet ratified standards....

@nimbius
Copy link

@nimbius nimbius commented Mar 11, 2018

TLSv1.3 is still a draft and is not yet standardised largely due to industries that make a lucrative trade on SSL/TLS intercept products for enterprises not yet knowing how to "break" the protocol and allow it to properly proxy across their appliances.

Please dont let draft prevent the inclusion of an important advancement of the protocol.

@bob-beck
Copy link
Member

@bob-beck bob-beck commented Mar 24, 2018

@bob-beck
Copy link
Member

@bob-beck bob-beck commented Mar 24, 2018

We will support 1.3 once the standard is firmed up and finalized (i.e. ceases to be coopted by vendors making changes to allow for people to continue to run moribund middle boxes that can't recognize a new protocol on the wire) Since there is effectively nothing wrong with TLS 1.2 with a sanely chosen cipher suite today, we believe a clean careful implementation is more beneficial than early adoption.

@nimbius
Copy link

@nimbius nimbius commented Mar 25, 2018

FWIW 1.3 was finalized and approved by the IETF last wednesday.
https://www.ietf.org/mail-archive/web/ietf-announce/current/msg17592.html
interesting inclusion of a controversial feature, 0-RTT.

please check:
E.5. Replay Attacks on 0-RTT

in my opinion this should probably remain a secure-by-default "off" feature unless a gas leak in the users office has convinced them to enable it for some reason.

Thanks again for your dedication and careful consideration.

@libressl-portable libressl-portable locked as off topic and limited conversation to collaborators Mar 25, 2018
@libressl-portable libressl-portable unlocked this conversation Sep 4, 2018
@frebib
Copy link

@frebib frebib commented Nov 2, 2018

Is there a plan/roadmap for TLS 1.3?

angristan added a commit to angristan/nginx-autoinstall that referenced this issue Dec 12, 2018
@pkubaj
Copy link

@pkubaj pkubaj commented Dec 18, 2018

What is the status of TLSv1.3 in LibreSSL 2.9.0? I can see it's in the source, but disabled by default.

Is it incomplete yet, or just not tested thoroughly? If you need testers, I can compile with LIBRESSL_HAS_TLS1_3.

@aduskett
Copy link

@aduskett aduskett commented Feb 3, 2019

Same here, I am more than willing to test it out.

@busterb
Copy link
Member

@busterb busterb commented Feb 4, 2019

TLS 1.3 support is in development, as you have noticed. There will be an announcement when the implementation is ready for wider testing. It's not ready currently, so defining LIBRESSL_HAS_TLS1_3 will not help much.

@KanPlus
Copy link

@KanPlus KanPlus commented Aug 9, 2019

What is the roadmap for TLS1.3 in LibreSSL?

@ezar
Copy link

@ezar ezar commented Nov 7, 2019

No news?

@bob-beck
Copy link
Member

@bob-beck bob-beck commented Nov 14, 2019

The roadmap is -> it is being worked on. We are volunteers so it will be finished when it is finished.. client side works.

@lubo
Copy link

@lubo lubo commented Nov 14, 2019

@bob-beck That's great and thanks for all the work. When are you going to release a version which includes client side? Currently, I only care about client side, so it'd help a lot.

@kinichiro
Copy link
Member

@kinichiro kinichiro commented May 13, 2020

Client side was enabled with 3.1.0, and server side has come up in the upstream.

@tegan-lamoureux
Copy link

@tegan-lamoureux tegan-lamoureux commented Jul 8, 2020

Forgive me if this is not in the scope, as I'm not fully up to speed on the inner workings of TLS. But I've been having trouble with OpenVPN compiled against LibreSSL 3.1.3 connecting to a server (ProtonVPN) which uses a TLS 1.3 cipher, specifically TLS_AES_256_GCM_SHA384. The TLS handshake fails.

Problem is, I'm not seeing it listed in:

▶ openvpn --show-tls          
Available TLS Ciphers, listed in order of preference:

For TLS 1.3 and newer (--tls-ciphersuites):

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-CHACHA20-POLY1305
GOST2012256-GOST89-GOST89
DHE-RSA-CAMELLIA256-SHA256
DHE-RSA-CAMELLIA256-SHA
GOST2001-GOST89-GOST89
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-CAMELLIA128-SHA256
DHE-RSA-CAMELLIA128-SHA

If client side was enabled, is there a reason I don't see it listed here? Do I need to compile it myself with additional build flags?

Thanks for any help.


Edit: and sorry, I realize that's output from OpenVPN, but I also checked with:

▶ libressl ciphers
AEAD-AES256-GCM-SHA384:AEAD-CHACHA20-POLY1305-SHA256:AEAD-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:GOST2012256-GOST89-GOST89:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:GOST2001-GOST89-GOST89:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:CAMELLIA128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA

and don't see it there.

@jedisct1
Copy link

@jedisct1 jedisct1 commented Jul 8, 2020

The OpenSSL API is not implemented yet.

@tegan-lamoureux
Copy link

@tegan-lamoureux tegan-lamoureux commented Jul 8, 2020

Oh, I see. Thanks! I was unsure how that worked. I'll keep an eye out for that.

@bob-beck
Copy link
Member

@bob-beck bob-beck commented Oct 19, 2020

3.2.2 is released with client and server TLS 1.3 on by default when using the regular API.

Adding support for the new OpenSSL tls 1.3 specific API's is a separate issue (and will be addressed later)

@leonklingele
Copy link

@leonklingele leonklingele commented Oct 19, 2020

Does that mean v3.2.2 should bring TLS 1.3 support to nginx? Cause It's not working for me :(

@botovq
Copy link
Member

@botovq botovq commented Oct 19, 2020

@leonklingele
Copy link

@leonklingele leonklingele commented Oct 19, 2020

Thank you, @botovq! Nice work, LibreSSL team! :)

image

@leonklingele
Copy link

@leonklingele leonklingele commented Oct 19, 2020

This is what I get on ssllabs.com with nginx-1.19.3 and v3.2.2 with the TLS 1.3 "patch" from #228 (comment):

Chrome 69 / Win 7  R — Server negotiated HTTP/2 with blacklisted suite — TLS 1.2 > h2 | TLS_AES_256_GCM_SHA384

Firefox 62 / Win 7  R — Server negotiated HTTP/2 with blacklisted suite — TLS 1.2 > h2 | TLS_AES_256_GCM_SHA384

image

@bob-beck
Copy link
Member

@bob-beck bob-beck commented Oct 20, 2020

@steils
Copy link

@steils steils commented Dec 1, 2020

Sorry for disturbing in this closed issue. But LIBRESSL_HAS_TLS1_3 is still not defined in opensslfeatures.h, and therefore OPENSSL_NO_TLS1_3 is defined. Is it meant to be so?

@botovq
Copy link
Member

@botovq botovq commented Dec 1, 2020

lighttpd-git pushed a commit to lighttpd/lighttpd1.4 that referenced this issue Jan 13, 2021
set Ciphersuites once API is available (SSL_CTX_set_ciphersuites())
in LibreSSL.

x-ref:
  "Add support for TLS 1.3"
  libressl-portable/portable#228
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet