Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-10-23 Thread Juan Isoza
I suppose Facebook reports 50% because their mobile apps use their SSL
library Fizz with TLS 1.3

https://thehackernews.com/2018/08/fizz-tls-ssl-library.html

I'm curious to see your telemetry info now. Chrome 70 was released last
week, and Firefox 63 today, with TLS 1.3 support

regards

On Wed, 12 Sep 2018 at 16:41, Viktor Dukhovni wrote:

> > On Sep 12, 2018, at 10:20 AM, Benjamin Kaduk via openssl-users
> > <openssl-users@openssl.org> wrote:
> >
> > IIUC, only Firefox nightly as of approximately today will support the
> > final RFC 8446 version; I haven't looked into Chrome yet.
>
> From the Firefox TLS 1.3 blog entry:
>
>
> https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/
>
> What Now?
>
> TLS 1.3 is already widely deployed: both Firefox and Chrome have fielded
> “draft” versions. Firefox 61 is already shipping draft-28, which is
> essentially the same as the final published version (just with a different
> version number). We expect to ship the final version in Firefox 63,
> scheduled for October 2018. Cloudflare, Google, and Facebook are running it
> on their servers today. Our telemetry shows that around 5% of Firefox
> connections are TLS 1.3. Cloudflare reports similar numbers, and Facebook
> reports that an astounding 50+% of their traffic is already TLS 1.3!
>
> --
> Viktor.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-19 Thread Salz, Rich via openssl-users
> The users who delay or block automatic updates tend to greatly overlap
> with the users who actively block remote telemetry of their update
> habits, thus skewing such statistics of "get almost full coverage within
> a month or two".

But not downloads. :)

Shrug.



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-19 Thread Jakob Bohm

On 18/09/2018 19:11, Salz, Rich via openssl-users wrote:
> > My point was about the likelihood of last-draft browsers lingering
> > on in the real world for some time (like 1 to 3 years) after the
> > TLS1.3-final browser versions ship.
>
> I do not think this is a concern.  Chrome and FF auto-update and get almost
> full coverage within a month or two, for example.  Edge hasn't shipped TLS 1.3
> yet. Safari encourages auto-update.  That's most of the browser market.

While I have already accepted the infeasibility of adding this to
OpenSSL, I will have to emphasize that your argument has a serious
flaw:

The users who delay or block automatic updates tend to greatly overlap
with the users who actively block remote telemetry of their update
habits, thus skewing such statistics of "get almost full coverage within
a month or two".


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-18 Thread Kurt Roeckx
On Tue, Sep 18, 2018 at 05:11:42PM +, Salz, Rich via openssl-users wrote:
> > My point was about the likelihood of last-draft browsers lingering
> > on in the real world for some time (like 1 to 3 years) after the
> > TLS1.3-final browser versions ship.
> 
> I do not think this is a concern.  Chrome and FF auto-update and get almost 
> full coverage within a month or two, for example.  Edge hasn't shipped TLS 
> 1.3 yet. Safari encourages auto-update.  That's most of the browser market.

I think chrome and firefox cover all browsers that ever enabled a
draft version.


Kurt



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-18 Thread Salz, Rich via openssl-users
> My point was about the likelihood of last-draft browsers lingering
> on in the real world for some time (like 1 to 3 years) after the
> TLS1.3-final browser versions ship.

I do not think this is a concern.  Chrome and FF auto-update and get almost 
full coverage within a month or two, for example.  Edge hasn't shipped TLS 1.3 
yet. Safari encourages auto-update.  That's most of the browser market.





Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-18 Thread Jakob Bohm

On 15/09/2018 10:46, Kurt Roeckx wrote:
> On Thu, Sep 13, 2018 at 08:13:41PM +0200, Jakob Bohm wrote:
> > On 13/09/2018 09:57, Klaus Keppler wrote:
> > > Hi,
> > >
> > > thank you for all your responses.
> > >
> > > I've just tested with Firefox Nightly 64.0a1, and both s_server and our
> > > own app (using OpenSSL 1.1.1-release) are working fine.
> > >
> > > The Firefox website is quite confusing:
> > >
> > > > Firefox 61 is already shipping draft-28, which is essentially the same as
> > > > the final published version (just with a different version number).
> > > (https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/)
> > >
> > > This is quite confusing, as it sounds better than it actually is.
> > > (so I've just learned that draft-28 is obviously incompatible with RFC8446)
> > >
> > > So thank you for your input, will now continue with OpenSSL 1.1.1.
> > > The rest will be only a matter of time. :D
> > >
> > > Best regards
> > >
> > > -Klaus
> >
> > Would it be reasonable for 1.1.1a to add a transitional "bugs" bit (to be
> > removed again in a few years) to accept the draft version number of final
> > TLS 1.3, if the protocols are otherwise identical?
>
> Draft versions really should die as soon as possible. If we ever put
> it in a released version, it will still be in use in 10 years,
> which really isn't something we want.
>
> On the other hand, in a few weeks browsers will stop using those
> draft versions, so I really don't see the point.

My point was about the likelihood of last-draft browsers lingering
on in the real world for some time (like 1 to 3 years) after the
TLS1.3-final browser versions ship.  The inspiration was the report
that facebook had done this on their own servers, presumably based
on their massive metrics of real world browsers.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-15 Thread Kurt Roeckx
On Thu, Sep 13, 2018 at 08:13:41PM +0200, Jakob Bohm wrote:
> On 13/09/2018 09:57, Klaus Keppler wrote:
> > Hi,
> > 
> > thank you for all your responses.
> > 
> > I've just tested with Firefox Nightly 64.0a1, and both s_server and our
> > own app (using OpenSSL 1.1.1-release) are working fine.
> > 
> > The Firefox website is quite confusing:
> > 
> > > Firefox 61 is already shipping draft-28, which is essentially the same as 
> > > the final published version (just with a different version number).
> > (https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/)
> > 
> > This is quite confusing, as it sounds better than it actually is.
> > (so I've just learned that draft-28 is obviously incompatible with RFC8446)
> > 
> > So thank you for your input, will now continue with OpenSSL 1.1.1.
> > The rest will be only a matter of time. :D
> > 
> > Best regards
> > 
> > -Klaus
> Would it be reasonable for 1.1.1a to add a transitional "bugs" bit (to be
> removed again in a few years) to accept the draft version number of final
> TLS 1.3, if the protocols are otherwise identical?

Draft versions really should die as soon as possible. If we ever put
it in a released version, it will still be in use in 10 years,
which really isn't something we want.

On the other hand, in a few weeks browsers will stop using those
draft versions, so I really don't see the point.


Kurt



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-13 Thread Jakob Bohm

On 13/09/2018 21:47, Salz, Rich via openssl-users wrote:
> Much work for little gain and purpose.
>
> You can mix drafts, but mixing the draft and the official version is hard,
> there's too many semantic changes (e.g., around fallback vs
> no-fallback-protection).

Ok, from what others had said, the only change between draft-28 and
final was supposedly the version number.  Given all the talk of
testing of the protocol design, it would seem out of character for
the WG to have mechanisms that were disabled in all the drafts and
thus untested.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-13 Thread Salz, Rich via openssl-users
Much work for little gain and purpose.

You can mix drafts, but mixing the draft and the official version is hard, 
there's too many semantic changes (e.g., around fallback vs 
no-fallback-protection).

 



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-13 Thread Benjamin Kaduk via openssl-users
On Thu, Sep 13, 2018 at 08:13:41PM +0200, Jakob Bohm wrote:
> On 13/09/2018 09:57, Klaus Keppler wrote:
> >Hi,
> >
> >thank you for all your responses.
> >
> >I've just tested with Firefox Nightly 64.0a1, and both s_server and our
> >own app (using OpenSSL 1.1.1-release) are working fine.
> >
> >The Firefox website is quite confusing:
> >
> >>Firefox 61 is already shipping draft-28, which is essentially the same as 
> >>the final published version (just with a different version number).
> >(https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/)
> >
> >This is quite confusing, as it sounds better than it actually is.
> >(so I've just learned that draft-28 is obviously incompatible with RFC8446)
> >
> >So thank you for your input, will now continue with OpenSSL 1.1.1.
> >The rest will be only a matter of time. :D
> >
> >Best regards
> >
> >-Klaus
> Would it be reasonable for 1.1.1a to add a transitional "bugs" bit (to be
> removed again in a few years) to accept the draft version number of final
> TLS 1.3, if the protocols are otherwise identical?
> 
> This would be similar to the (now historic) bits for known bugs in other
> popular clients.  It also seems to be what Facebook has done for their
> own servers (according to other posts in this discussion).
> 
> Or would it be unproblematic from a real world perspective to just keep
> TLS 1.3 non-functional for draft-28 browsers?

It would be unproblematic.  Such browsers will use TLS 1.2 just fine, and
are going to be auto-updating to a version capable of official TLS 1.3
very soon anyway.

-Ben


Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-13 Thread Dennis Clarke

On 09/13/2018 02:13 PM, Jakob Bohm wrote:
> On 13/09/2018 09:57, Klaus Keppler wrote:
> > Hi,
> >
> > thank you for all your responses.
> >
> > I've just tested with Firefox Nightly 64.0a1, and both s_server and our
> > own app (using OpenSSL 1.1.1-release) are working fine.
> >
> > The Firefox website is quite confusing:
> >
> > > Firefox 61 is already shipping draft-28, which is essentially the
> > > same as the final published version (just with a different version
> > > number).
> > (https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/)
> >
> > This is quite confusing, as it sounds better than it actually is.
> > (so I've just learned that draft-28 is obviously incompatible with
> > RFC8446)
> >
> > So thank you for your input, will now continue with OpenSSL 1.1.1.
> > The rest will be only a matter of time. :D
> >
> > Best regards
> >
> > -Klaus
>
> Would it be reasonable for 1.1.1a to add a transitional "bugs" bit (to be
> removed again in a few years) to accept the draft version number of final
> TLS 1.3, if the protocols are otherwise identical?

What would the benefit be?  Allow support for older browsers?  I think
that TLSv1.3 support exists fine in Firefox now and ver 61 is not an ESR
release at all. I am not sure what the benefit would be.  Draft 28 is
much like Draft X for any X less than 28.

> This would be similar to the (now historic) bits for known bugs in other
> popular clients.  It also seems to be what Facebook has done for their
> own servers (according to other posts in this discussion).
>
> Or would it be unproblematic from a real world perspective to just keep
> TLS 1.3 non-functional for draft-28 browsers?


Given that the protocol is published and the browser support exists for
the real protocol then there can not be a reason to support Draft X.

Dennis




Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-13 Thread Jakob Bohm

On 13/09/2018 09:57, Klaus Keppler wrote:
> Hi,
>
> thank you for all your responses.
>
> I've just tested with Firefox Nightly 64.0a1, and both s_server and our
> own app (using OpenSSL 1.1.1-release) are working fine.
>
> The Firefox website is quite confusing:
>
> > Firefox 61 is already shipping draft-28, which is essentially the same as
> > the final published version (just with a different version number).
> (https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/)
>
> This is quite confusing, as it sounds better than it actually is.
> (so I've just learned that draft-28 is obviously incompatible with RFC8446)
>
> So thank you for your input, will now continue with OpenSSL 1.1.1.
> The rest will be only a matter of time. :D
>
> Best regards
>
> -Klaus

Would it be reasonable for 1.1.1a to add a transitional "bugs" bit (to be
removed again in a few years) to accept the draft version number of final
TLS 1.3, if the protocols are otherwise identical?

This would be similar to the (now historic) bits for known bugs in other
popular clients.  It also seems to be what Facebook has done for their
own servers (according to other posts in this discussion).

Or would it be unproblematic from a real world perspective to just keep
TLS 1.3 non-functional for draft-28 browsers?


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-13 Thread Klaus Keppler
Hi,

thank you for all your responses.

I've just tested with Firefox Nightly 64.0a1, and both s_server and our
own app (using OpenSSL 1.1.1-release) are working fine.

The Firefox website is quite confusing:

> Firefox 61 is already shipping draft-28, which is essentially the same as the 
> final published version (just with a different version number).

(https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/)

This is quite confusing, as it sounds better than it actually is.
(so I've just learned that draft-28 is obviously incompatible with RFC8446)

So thank you for your input, will now continue with OpenSSL 1.1.1.
The rest will be only a matter of time. :D

Best regards

   -Klaus


Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-12 Thread Dennis Clarke

On 09/12/2018 04:46 PM, Juan Isoza wrote:
> As I understand and check:
>
> https://www.tls13.net accepts connections from final openssl-1.1.1
> (RFC8446) but not from openssl-1.1.1 pre8 (draft 28)

At this point the protocol is published and the OpenSSL 1.1.1 release is
done. You should not be looking for *draft* anything.

Dennis


Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-12 Thread Juan Isoza
As I understand and check:


https://www.tls13.net accepts connections from final openssl-1.1.1 (RFC8446)
but not from openssl-1.1.1 pre8 (draft 28)

https://tls13.crypto.mozilla.org accepts connections from openssl-1.1.1 pre8
(draft 28) but not from final openssl-1.1.1 (RFC8446)

https://www.facebook.com accepts connections from both openssl-1.1.1 pre8
(draft 28) and from final openssl-1.1.1 (RFC8446)

The current public releases of Chrome and Firefox use draft 28


--

I tested iOS 12 GM (published today) on an iPhone and it seems not to be
using TLS 1.3 :-(


Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-12 Thread Dennis Clarke

On 09/12/2018 12:06 PM, Angus Robertson - Magenta Systems Ltd wrote:
> > IIUC, only Firefox nightly as of approximately today will support
> > the final RFC 8446 version;
>
> Firefox 63.0b5 works OK with OpenSSL 1.1.1, think it came Tuesday.

Even Firefox/60.0 works.

> https://download.mozilla.org/?product=firefox-beta-stub=win=en-US
>
> > I haven't looked into Chrome yet.

Seen in the wild :

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.42 Safari/537.36

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.57 Safari/537.36

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.9 Safari/537.36

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3544.0 Safari/537.36



Dennis


Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-12 Thread Angus Robertson - Magenta Systems Ltd
> Some Chrome browsers seem to be hitting https://www.tls13.net/ 
> with versions from Chrome/70.0.3534.4 upwards to Chrome/71.0.3544.0

Some of my public web servers are now on yesterday's version, three
TLSv1.3 users today, two with Firefox 63, one with
Chrome/68.0.3440.106+Safari/537.36.  

I seem to be on Chromium Chrome/70.0.3538.9 and TLSv1.3 did not
initially work, had to go to experimental flags to change from draft 28
and final and now it does work.  

Angus




Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-12 Thread Angus Robertson - Magenta Systems Ltd
> IIUC, only Firefox nightly as of approximately today will support 
> the final RFC 8446 version; 

Firefox 63.0b5 works OK with OpenSSL 1.1.1, think it came Tuesday. 

https://download.mozilla.org/?product=firefox-beta-stub=win=en-US

> I haven't looked into Chrome yet.

My versions don't work yet, but I might not be on the latest nightly
stuff.

Angus





Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-12 Thread Dennis Clarke

On 09/12/2018 09:50 AM, Klaus Keppler wrote:
> Hi,
>
> when I create a TLS-1.3-only "web" server with s_server (from OpenSSL
> 1.1.1-release), Firefox/Chrome can't access it.


Be sure to use Firefox nightly version 64.0a1 and upwards. Anything less
and you may be getting draft 28 support and NOT actual RFC release
protocol support.

Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0

That works.

Dennis



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-12 Thread Dennis Clarke

On 09/12/2018 10:44 AM, Viktor Dukhovni wrote:
> > On Sep 12, 2018, at 10:41 AM, Viktor Dukhovni wrote:
> >
> > > IIUC, only Firefox nightly as of approximately today will support the final
> > > RFC 8446 version; I haven't looked into Chrome yet.
> >
> > From the Firefox TLS 1.3 blog entry:
> >
> > https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/
>
> Similarly, for Chrome the final TLS 1.3 is not out quite yet:
>
> https://www.chromium.org/Home/tls13
>
> Chrome has been shipping a draft version of TLS 1.3 since Chrome 65.
> In Chrome 70, the final version of TLS 1.3 will be enabled ...

Some Chrome browsers seem to be hitting https://www.tls13.net/ with
versions from Chrome/70.0.3534.4 upwards to Chrome/71.0.3544.0.
The Firefox nightly versions have been fine for a while now. Weeks.
There is no sign of life at all from the Opera people sadly.

Dennis



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-12 Thread Viktor Dukhovni



> On Sep 12, 2018, at 10:41 AM, Viktor Dukhovni  
> wrote:
> 
>> IIUC, only Firefox nightly as of approximately today will support the final
>> RFC 8446 version; I haven't looked into Chrome yet.
> 
> From the Firefox TLS 1.3 blog entry:
> 
> https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/

Similarly, for Chrome the final TLS 1.3 is not out quite yet:

https://www.chromium.org/Home/tls13

Chrome has been shipping a draft version of TLS 1.3 since Chrome 65. In Chrome 
70, the final version of TLS 1.3 will be enabled for outgoing connections. (A 
small percentage may be held back to provide comparison metrics.)

-- 
Viktor.



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-12 Thread Viktor Dukhovni


> On Sep 12, 2018, at 10:20 AM, Benjamin Kaduk via openssl-users 
>  wrote:
> 
> IIUC, only Firefox nightly as of approximately today will support the final
> RFC 8446 version; I haven't looked into Chrome yet.

From the Firefox TLS 1.3 blog entry:

https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/

What Now?

TLS 1.3 is already widely deployed: both Firefox and Chrome have fielded 
“draft” versions. Firefox 61 is already shipping draft-28, which is essentially 
the same as the final published version (just with a different version number). 
We expect to ship the final version in Firefox 63, scheduled for October 2018. 
Cloudflare, Google, and Facebook are running it on their servers today. Our 
telemetry shows that around 5% of Firefox connections are TLS 1.3. Cloudflare 
reports similar numbers, and Facebook reports that an astounding 50+% of their 
traffic is already TLS 1.3!

-- 
Viktor.



Re: [openssl-users] s_server -www -tls1_3: Firefox/Chrome not working

2018-09-12 Thread Benjamin Kaduk via openssl-users
On Wed, Sep 12, 2018 at 03:50:17PM +0200, Klaus Keppler wrote:
> Hi,
> 
> when I create a TLS-1.3-only "web" server with s_server (from OpenSSL
> 1.1.1-release), Firefox/Chrome can't access it.
> According to all docs I've read so far, the TLS 1.3 implementations both
> from Firefox (62.x) and from Chrome (69.x) should be compatible so far.

You need to check that the browser is implementing the final RFC 8446 version
and not an earlier draft version -- the two are incompatible by design
(and OpenSSL 1.1.1 implements the final RFC 8446 version).

IIUC, only Firefox nightly as of approximately today will support the final
RFC 8446 version; I haven't looked into Chrome yet.

-Ben
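
The draft/final mismatch described in the message above shows up in the ClientHello's supported_versions extension: RFC 8446 uses code point 0x0304, while draft-28 used 0x7f1c, which a final-only server does not recognise. The Python below is an added example, not code from this thread or from OpenSSL; the function names are hypothetical and the sample ClientHello is constructed, not captured from a browser.

```python
import struct

TLS13_FINAL = 0x0304         # RFC 8446 code point
TLS12 = 0x0303
EXT_SUPPORTED_VERSIONS = 43  # extension that carries the real version list

def version_name(v):
    """Readable name for one supported_versions entry."""
    if v == TLS13_FINAL:
        return "TLS 1.3 (RFC 8446)"
    if (v >> 8) == 0x7F:     # drafts used 0x7f00 | draft number
        return "TLS 1.3 draft-%d" % (v & 0xFF)
    return {0x0303: "TLS 1.2", 0x0302: "TLS 1.1", 0x0301: "TLS 1.0"}.get(v, hex(v))

def offered_versions(record):
    """Versions a raw ClientHello record offers, in the client's order."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        legacy = int.from_bytes(body[0:2], "big")
        pos = 2 + 32                                         # legacy_version, random
        pos += 1 + body[pos]                                 # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression_methods
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == EXT_SUPPORTED_VERSIONS:
                if len(data) != ext_len or data[0] != ext_len - 1 or data[0] % 2:
                    raise ValueError("malformed supported_versions")
                return [int.from_bytes(data[i:i + 2], "big")
                        for i in range(1, ext_len, 2)]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return [legacy]  # no extension: pre-1.3 client, legacy_version is its maximum

def rfc8446_server_outcome(record, tls13_only=False):
    """Result at a server that implements only the final version.

    tls13_only=True models a TLS-1.3-only server such as `s_server -tls1_3`.
    """
    versions = offered_versions(record)
    if TLS13_FINAL in versions:
        return "TLS 1.3"
    if not tls13_only and TLS12 in versions:
        return "TLS 1.2"     # draft code point ignored, client falls back
    return "handshake failure"

def sample_client_hello(versions):
    """Constructed sample: minimal ClientHello record offering `versions`."""
    sv = b"".join(struct.pack("!H", v) for v in versions)
    ext = struct.pack("!HHB", EXT_SUPPORTED_VERSIONS, len(sv) + 1, len(sv)) + sv
    body = (struct.pack("!H", TLS12) + bytes(32) + b"\x00"  # version, random, no session_id
            + struct.pack("!HH", 2, 0x1301)                 # TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                                   # null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for label, offer in (("draft-28 client", [0x7F1C, TLS12]),
                         ("final client", [TLS13_FINAL, TLS12])):
        hello = sample_client_hello(offer)
        names = [version_name(v) for v in offered_versions(hello)]
        print(label, names, "->", rfc8446_server_outcome(hello),
              "/ 1.3-only:", rfc8446_server_outcome(hello, tls13_only=True))
```

For a draft-28 client the result is a TLS 1.2 fallback on an ordinary server and a failed handshake on a TLS-1.3-only one, which matches the behaviour reported in the thread.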