Hello,
On 13 January 2018 at 20:57, Pavlos Parissis <pavlos.paris...@gmail.com> wrote: > On 13/01/2018 04:22 μμ, Lukas Tribus wrote: >> Hello, >> >> >> On 13 January 2018 at 15:17, Pavlos Parissis <pavlos.paris...@gmail.com> >> wrote: >>>> Not exactly, the moment you force a cipher list that does not include a >>>> TLSv1.3 cipher in the server side (which has TLSv1.3 enabled) the TLS >>>> handshake will break regardless of what is in the Client hello. >>>> >>> >>> But, can we have TLSv3 enabled on server side and still accept TLSv2 >>> sessions? >> >> Only if your cipher-list contains TLSv1.3 ciphers, otherwise nothing >> will work (regardless of the TLS version). >> > > and all those ciphers are supported by all recent browsers, right ? That's not the point, you can always specify old ciphers as well. It's just that you MUST specify at least 1 TLSv1.3 cipher (for any TLS version to work). >> OpenSSL really goes the extra mile to make everyone's life miserable. > > Is this the result of the implementation or of the TLSv1.3 design ? TLSv1.3 is fine, the discussion in the IETF working-group has lots of participants and the process works. The OpenSSL implementation (and especially the API) is decided by a small number of people, they have (rightfully so) their own opinions, but I also don't see them receptive of different opinions. That's why Google forked it and why other are switching to that fork: https://blog.cloudflare.com/make-ssl-boring-again/ But abandoning OpenSSL for a fork like BoringSSL brings their own problems, it's certainly not a change at the push of a button. Lukas