Add support for TLSv1.3 when compiled against openssl 1.1.1 #389
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
normanmaurer
requested review from
carl-mastrangelo,
ejona86,
Scottmitch,
ryanoneill,
trustin and
bryce-anderson
normanmaurer
commented
Sep 17, 2018
| #ifndef OPENSSL_NO_TLS1_3 | ||
| // We specify this as we currently not handle these extra tickets send after the handshake / shutdown | ||
| // in netty. We may want to remove this call once we do. | ||
| SSL_CTX_set_num_tickets(ctx, 0); |
There was a problem hiding this comment.
I suspect this is not needed anymore after my recent changes. I will check this later today as the wifi on the plane is not really great for downloading openssl 1.1.1 ;)
There was a problem hiding this comment.
yep removed... Was not needed anymore
normanmaurer
force-pushed
the
openssl_1_1_1
branch
from
fee7177
to
d8d9c8e
Compare
|
Anyone has any comments here ? I would love to pull this in and cut a release and then do the netty stuff :) |
Motivation: OpenSSL 1.1.1 was released which supports TLSv1.3 and it is the now the current LTS release. We should be able to compile against it and also support TLSv1.3. Modifications: - Add some new native methods to allow to set TLSv1.3 ciphersuites - Depending on if TLSv1.3 is supported or not set some flags Result: Be able to compile against OpenSSL 1.1.1 and make use of TLSv1.3. Fixes #345 and #256
normanmaurer
force-pushed
the
openssl_1_1_1
branch
from
31e00da
to
6f9301b
Compare
|
TLS 1.3 final will be released in Chrome in about 45 days. Isn't better to wait and move to boringSSL ? |
|
@SharpMan we will for sure also support it in the BoringSSL one once it is released. |
|
@carl-mastrangelo @ejona86 ping ... |
fzakaria
pushed a commit
to fzakaria/netty-tcnative
that referenced
this pull request
Feb 4, 2019
Motivation: OpenSSL 1.1.1 was released which supports TLSv1.3 and it is the now the current LTS release. We should be able to compile against it and also support TLSv1.3. Modifications: - Add some new native methods to allow to set TLSv1.3 ciphersuites - Depending on if TLSv1.3 is supported or not set some flags Result: Be able to compile against OpenSSL 1.1.1 and make use of TLSv1.3. Fixes netty#345 and netty#256
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation:
OpenSSL 1.1.1 was released which supports TLSv1.3 and it is the now the current LTS release. We should be able to compile against it and also support TLSv1.3.
Modifications:
Result:
Be able to compile against OpenSSL 1.1.1 and make use of TLSv1.3. Fixes #345 and #256