On 12/10/18 19:08, Christopher Schultz wrote: > Mark, > > On 10/11/18 16:39, Mark Thomas wrote: >> Hi, > >> As you probably noticed I've been working on TLS 1.3 support, >> building on Chris's work in BZ 62748. > >> The current status is the Tomcat Native 1.2.x and Tomcat 9.0.x >> support TLSv1.3 in any of the following combinations: - NIO[2]+JSSE >> on Java 11 - NIO[2]+OpenSSL on Java 8 onwards - APR/Native on Java >> 8 onwards > >> All combinations support server initiated requests for client >> certificates apart from NIO[2]+JSSE on Java 11 as the Java 11 >> TLSv1.3 implementation does not include post handshake >> authentication. > >> I have made quite a few changes to the Native code to support >> this. > >> My plan going forwards is as follows: > >> - give folks until early next week to review the native changes - >> tag 1.2.18 early next week - hopefully release 1.2.18 late next >> week - update 9.0.x to require 1.2.18 or later - tag / release >> 9.0.x > >> Alongside the above, I'll be backporting the TLSv1.3 support to >> 8.5.x and 9.0.x. > >> Thoughts, comments and especially code reviews welcome. > > Rather than throwing a new tcnative into both Tomcat 9.0.x and Tomcat > 8.5.x simultaneously, maybe we should release Tomcat 9.0.x with an > updated tcnative and get some feedback before we back-port everything.
Ah. I've already done the back-ports. We can certainly release 9.0.x and wait before 8.5.x though. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
