TLS1.3 Support

Posted: 2020/04/22 06:57:44
by arun168403
Hi,

As per the RHEL article, TLS1.3 is supported by OpenSSL-1.1.1 in CentOS-8. (https://access.redhat.com/articles/3628041)
I need to support TLS1.3 in CentOS-7. I even tried to compile OpenSSL-1.1.1 against CentOS-7-x86-64, but it is not successful.

Would it be possible to support TLS1.3 in CentOS-7?


Regards,
Arun

Re: TLS1.3 Support

Posted: 2020/04/22 09:07:27
by TrevorH
Only if Red Hat backport openssl 1.1.1 to RHEL 7 which I would suspect is not going to happen.

Re: TLS1.3 Support

Posted: 2020/04/22 14:06:52
by chemal
Actually, there is minor support for TLS 1.3 in 7. NSS as shipped with 7.7+ can do TLS 1.3, but of the programs that use NSS for crypto only firefox, thunderbird, and curl can make use of this. All the others are missing the client-side changes for TLS 1.3. For example, apache has a mod_nss that can be used instead of mod_ssl, but mod_nss in 7 has not been adapted to the new NSS. Things will be similar for programs that use openssl for crypto: it's not enough to just update openssl to a new version.

By the way, the old apache in 7 can be made to do TLS 1.3 with minimal surgery: https://copr.fedorainfracloud.org/coprs/mlampe/mod_nss/
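
An added example, not part of any post in this thread: a small shell helper that reads an `openssl version` line or the first line of `curl -V` and reports which TLS library is in use and whether it meets the OpenSSL 1.1.1 threshold mentioned above. The function names, verdict strings and sample banners are constructed for illustration; because the thread gives no NSS version number, NSS is only flagged for a handshake test.

```shell
#!/bin/sh
# Added example: classify a TLS library banner for TLS 1.3 capability.
# A "library-can-do-tls13" verdict is necessary, not sufficient: as the
# thread notes, the application itself must also have been adapted.

# ver_ge A B: succeed if dotted version A >= B. Letter suffixes such as
# the "k-fips" in 1.0.2k-fips are dropped before comparing.
ver_ge() {
    a=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')
    b=$(printf '%s' "$2" | sed 's/[^0-9.].*$//')
    lowest=$(printf '%s\n%s\n' "$a" "$b" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$b" ]
}

# classify_banner LINE: print "<library> <version> <verdict>".
classify_banner() {
    case "$1" in
        "OpenSSL "*)  # output of `openssl version`
            lib=OpenSSL; ver=$(printf '%s\n' "$1" | awk '{print $2}') ;;
        *OpenSSL/*)   # first line of `curl -V`, OpenSSL backend
            lib=OpenSSL
            ver=$(printf '%s\n' "$1" | sed 's|.*OpenSSL/\([^ ]*\).*|\1|') ;;
        *NSS/*)       # first line of `curl -V`, NSS backend
            lib=NSS
            ver=$(printf '%s\n' "$1" | sed 's|.*NSS/\([^ ]*\).*|\1|') ;;
        *)
            echo "unknown - unrecognised-banner"; return 0 ;;
    esac
    if [ "$lib" = NSS ]; then
        verdict=test-handshake        # no NSS threshold given in the thread
    elif ver_ge "$ver" 1.1.1; then
        verdict=library-can-do-tls13
    else
        verdict=library-too-old
    fi
    echo "$lib $ver $verdict"
}

# Constructed sample banners (not captured from a real host).
while IFS= read -r line; do
    classify_banner "$line"
done <<'EOF'
OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL 1.1.1c FIPS  28 May 2019
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.44 zlib/1.2.7
curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1c zlib/1.2.11
EOF
```

To check a real host, pass the output of `openssl version` or the first line of `curl -V` to `classify_banner`.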

Re: TLS1.3 Support

Posted: 2020/04/25 01:36:46
by arun168403
Thanks for the comments.

Regards,
Arun