On 07/27/18 07:29, Apache Lounge wrote:
Maybe someone is interested.
With initial testing:
Chrome 68 with tls 1.3 draft 28 (setting in chrome://flags)
OpenSSL version 1.1.1-pre8
httpd-trunk revision 1836684
Chrome Output:
Connection - secure (strong TLS 1.3)
The connection to this site is encrypted and authenticated using TLS 1.3
(a strong protocol),
X25519 (a strong key exchange), and AES_256_GCM (a strong cipher).
httpd config:
SSLHonorCipherOrder On
SSLProtocol -all +TLSv1.3
SSLCompression off
SSLSessionTickets off
(no SSLCipherSuite defined)
Access log :
localhost:443 HTTP/2.0 ::1 - - [27/Jul/2018:12:58:21 +0200] TLSv1.3
TLS_AES_256_GCM_SHA384 "GET /index.html HTTP/2.0" 200 320 "-"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/68.0.3440.75 Safari/537.36"
Looks good .. you can also try https://www.tls13.net/
dc
