TLS1.3 Support

Support for security such as Firewalls and securing linux
Post Reply
arun168403
Posts: 7
Joined: 2018/07/13 12:12:56

TLS1.3 Support

Post by arun168403 » 2020/04/22 06:57:44

Hi,

As per RHEL article, TLS1.3 is support by OpenSSL-1.1.1 in CentOS-8. (https://access.redhat.com/articles/3628041)
I need to support TLS1.3 in CentOS-7. I even tried to compile OpenSSL-1.1.1 against CentOS-7-x86-64, but it is not successful.

Would it be possible to support TLS1.3 in CentOS-7?


Regards,
Arun

User avatar
TrevorH
Forum Moderator
Posts: 28594
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: TLS1.3 Support

Post by TrevorH » 2020/04/22 09:07:27

Only if Red Hat backport openssl 1.1.1 to RHEL 7 which I would suspect is not going to happen.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

chemal
Posts: 660
Joined: 2013/12/08 19:44:49

Re: TLS1.3 Support

Post by chemal » 2020/04/22 14:06:52

Actually, there is minor support for TLS 1.3 in 7. NSS as shipped with 7.7+ can do TLS 1.3, but of the programs that use NSS for crypto only firefox, thunderbird, and curl can make use of this. All the others are missing the client-side changes for TLS 1.3. For example, apache has a mod_nss that can be used instead of mod_ssl, but mod_nss in 7 has not been adapted to the new NSS. Things will be similar for programs that use openssl for crypto: it's not enough to just update openssl to a new version.

By the way, the old apache in 7 can be made to do TLS 1.3 with minimal surgery: https://copr.fedorainfracloud.org/coprs/mlampe/mod_nss/

arun168403
Posts: 7
Joined: 2018/07/13 12:12:56

Re: TLS1.3 Support

Post by arun168403 » 2020/04/25 01:36:46

Thanks for the comments.

Regards,
Arun

Post Reply

Return to “CentOS 7 - Security Support”