On 26/07/2018 9:45 PM, PRAKASH RAI (prakrai) via freebsd-security wrote: > Hi All, > > I was going through the https://wiki.freebsd.org/OpenSSL and found that > openssl 1.1.1 support is planned for freeBSD 12. > As TLSv1.3 is based on openssl 1.1.1, does it mean that freeBSD 11.X would > not be having support for TLSv1.3? > > Basically I would like to understand if I can build openssl 1.1.1 (which is > having support for TLSv1.3) with FreeBSD 11.2 without any issue and enable > TLSv1.3 support? > > Regards, > Prakash > Prakash, You're very ambitious ;) TLSv1.3 is very different from 1.2 and others. Additional ciphers are "nice", but the session controls are quite different and will take a while for applications to settle into. Quite a few applications are not yet at openssl 1.1.0, so surprise yourself and try something like: for interests in security www; do find /usr/ports/$interests/ -name Makefile|xargs grep openssl-devel|grep BROKEN; done
And you should also note that the ports are only built on lowest supported FreeBSD (#1), and on the 11 stream, that seems to be FreeBSD 11.1Release; so we should really work in unison to migrate to openssl 1.1.1 :) Drawn your own conclusions about what ports have been tested on 11.2Release FYI perhaps consider libressl which has some additional/useful ciphers, might be worth a look if the ciphers are your driver. Ref: #1 Poke around here: http://beefy9.nyi.freebsd.org/data/latest-per-pkg/ Cheers. _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
