Re: [twsocket] ICS V8.52 allows testing of SSL TLSv1.3 protocol
OpenSSL 1.1.1-pre2 (alpha) is now available for download, needs the overnight/SVN ICS version to load. Still seems to have TLSv1.3 draft 23 according to the literals, although I thought they had updated the master to draft 24. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS V8.52 allows testing of SSL TLSv1.3 protocol
Another planned OpenSSL beta release today, which is now feature locked so no more DLL exports arriving or disappearing. OpenSSL 1.1.1-pre3 (beta) is available for download, needs the overnight/SVN ICS V8.53 version to load. This beta support TLSv1.3 draft 26. TLSv1.3 is currently at draft 28 and has been submitted for final publication, but there are no protocol changes since draft 26. Beware, at the time of writing no browsers are yet compatible with TLSv1.3 draft 26, they still connect with TLSv1.2. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS V8.52 allows testing of SSL TLSv1.3 protocol
Another planned OpenSSL beta release yesterday. OpenSSL 1.1.1-pre4 (beta) is available for download, needs the overnight/SVN ICS V8.53 version to load. This beta support TLSv1.3 draft 26. TLSv1.3 is currently at draft 28 and has been submitted for final publication, but there are no protocol changes since draft 26. The final version of 1.1.1 is currently planned for 15th May 2018 after two more betas, provided the RFC editors have finished their stuff and TLSv1.3 is formally published. Beware, at the time of writing no browsers are yet compatible with TLSv1.3 draft 26 or 28, they still connect with TLSv1.2. ICS now supports client and server connections with TLSv1.3, I've fixed a false renegotiation issue that stopped clients connecting, there is no renegotiation with TLSv1.3. I've temporarily stopped external session caching which has changed for TLSv1.3, this will be fixed soon. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS V8.52 allows testing of SSL TLSv1.3 protocol
Another planned OpenSSL beta release yesterday. OpenSSL 1.1.1-pre5 (beta) is available for download, needs the overnight/SVN ICS V8.54 version to load. This beta support TLSv1.3 draft 26, which is increasingly being supported by several test web sites. Building the latest Browser sample with this build will now open: https://tls13.crypto.mozilla.org/ Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS V8.52 allows testing of SSL TLSv1.3 protocol
Another planned OpenSSL beta release this week. OpenSSL 1.1.1-pre6 (beta) is available for download, needs the overnight/SVN ICS V8.54 version to load. This beta support TLSv1.3 draft 26, which is increasingly being supported by several test web sites. Unfortunately something in ICS has got broken with this build, or for some other reason, and we currently seem unable to access some TLSv1.3 servers, including the ICS built server, yet some others still work. Still investigating, but may be several days, other more important things to finish first. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS V8.52 allows testing of SSL TLSv1.3 protocol
Another planned OpenSSL beta release this week. OpenSSL 1.1.1-pre7 (beta) is available for download, needs the overnight/SVN ICS V8.54 version to load. This beta support TLSv1.3 draft 28, which is hopefully he final version and is supported by several test web sites. Unfortunately TLSv1.3 in ICS is still partially broken, we are able to reach several test TLSv1.3 sites but my ICS built web server still connects with TLSv1.2. Will investigate properly next week. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS V8.52 allows testing of SSL TLSv1.3 protocol
I've fixed the ICS bug that stopped ICS servers negotiating TLSv1.3 connections with the last couple of OpenSSL betas, which sent new callback messages. Also client session caching should work now for TLSv1.3. SVN is updated, the overnight zip later this evening. You also need OpenSSL 1.1.1-pre7 (beta) from the wiki page. I've successfully tested ICS HTTP and FTP servers and clients talking TLSv1.3 together, not tried SMTP yet. Firefox version 61 now supports the latest TLSv1.3 draft 28 version by default, and successfully accesses the ICS web server. It is currently beta, from https://www.mozilla.org/en-US/firefox/61.0beta/releasenotes/ The final TLSv1.3 RFC is currently with the RFC editors in the publication queue. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS V8.52 allows testing of SSL TLSv1.3 protocol
Another planned OpenSSL beta release this week. OpenSSL 1.1.1-pre8 (beta) is available for download, needs the overnight/SVN ICS V8.55 version to load. This beta supports TLSv1.3 draft 28, which should be published as RFC8446 shortly, followed by one more OpenSSL beta, before the final long term support release of OpenSSL 1.1.1. I believe ICS now fully supports TLSv1.3, I have web, mail and FTP clients and servers sending data to each other using TLSv1.3 and the browser demo sample can open several sites using TLSv1.3. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
