Add support for TLSv1.3 when compiled against openssl 1.1.1 #389
#ifndef OPENSSL_NO_TLS1_3 | ||
// We specify this as we currently not handle these extra tickets send after the handshake / shutdown | ||
// in netty. We may want to remove this call once we do. | ||
SSL_CTX_set_num_tickets(ctx, 0); |
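Review bot: The SSL_CTX_set_num_tickets(ctx, 0) call on the last line turns off TLSv1.3 session tickets for every context configured here, which also rules out TLSv1.3 session resumption, while the comment above it only says that netty does not handle the extra tickets yet. I would state that cost in the comment, check the return value (the call returns 1 on success and 0 on failure), and confirm that OPENSSL_NO_TLS1_3 is defined when building against headers older than 1.1.1, since SSL_CTX_set_num_tickets only exists from 1.1.1 on and the #ifndef would otherwise let the call through.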
I suspect this is not needed anymore after my recent changes. I will check this later today as the wifi on the plane is not really great for downloading openssl 1.1.1 ;)
yep removed... Was not needed anymore
fee7177 to d8d9c8e
Does anyone have any comments here? I would love to pull this in and cut a release and then do the netty stuff :)
Motivation:
OpenSSL 1.1.1 was released which supports TLSv1.3 and it is now the current LTS release. We should be able to compile against it and also support TLSv1.3.
Modifications:
- Add some new native methods to allow to set TLSv1.3 ciphersuites
- Depending on if TLSv1.3 is supported or not set some flags
Result:
Be able to compile against OpenSSL 1.1.1 and make use of TLSv1.3. Fixes #345 and #256
31e00da to 6f9301b
TLS 1.3 final will be released in Chrome in about 45 days. Isn't it better to wait and move to BoringSSL?
@SharpMan we will for sure also support it in the BoringSSL one once it is released.
@carl-mastrangelo @ejona86 ping ...
LGTM