Hello,

On Wed, 5 Sep 2018 at 11:31, Haim Ari <[email protected]> wrote:
>
> Hello,
>
> Is there a way to add TLS v1.3 without compiling haproxy? (and still use PPA
> version for Ubuntu)

No. TLSv1.3 requires OpenSSL 1.1.1, which is still in beta phase, and
even if it becomes stable, it will require some time before openssl
1.1.1 hits the repository. Then haproxy will have to be rebuilt on
that; I doubt the PPA will contain a static version of openssl 1.1.1.

Note also that currently *no* browser supports the final TLSv1.3
specification. Chrome supports some older draft (maybe draft-26) and
Firefox supports draft-28, none of it will work with OpenSSL, as they
just removed all draft support (only the final TLS1.3 spec is
supported in OpenSSL as of beta 7).


This is the time to test TLSv1.3, but it's not the time to deploy it
in production unless you have the time to closely follow openssl and
browser development.



cheers,
lukas
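
Added example, not part of the original message or of the haproxy project: a shell function that reads `haproxy -vv` output and reports which OpenSSL the binary was built against, which one it is running on, and whether TLSv1.3 appears in its protocol list. The line labels are assumed to follow the haproxy 1.8-style `-vv` format, and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples of `haproxy -vv` output (version strings are illustrative).
SAMPLE_OLD='Built with OpenSSL version : OpenSSL 1.1.0g  2 Nov 2017
Running on OpenSSL version : OpenSSL 1.1.0g  2 Nov 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2'

SAMPLE_NEW='Built with OpenSSL version : OpenSSL 1.1.1  11 Sep 2018
Running on OpenSSL version : OpenSSL 1.1.1  11 Sep 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3'

# tls13_report (hypothetical helper): reads `haproxy -vv` output on stdin and
# prints one line: tls13=yes|no built=<ver> running=<ver> mismatch=yes|no
# Prints "no-openssl" when the build reports no OpenSSL version at all.
tls13_report() {
    awk -F' : ' '
        /^Built with OpenSSL version/  { built = $2 }
        /^Running on OpenSSL version/  { running = $2 }
        # The bare "supports :" line is the protocol list; the TLS-extensions
        # and SNI lines have extra words before the separator and do not match.
        /^OpenSSL library supports : / { protos = $2 }
        END {
            if (built == "") { print "no-openssl"; exit }
            split(built, b, " ")      # b[2] is the version token, e.g. 1.1.0g
            split(running, r, " ")
            status = (protos ~ /(^| )TLSv1\.3( |$)/) ? "tls13=yes" : "tls13=no"
            mismatch = (b[2] != r[2]) ? " mismatch=yes" : " mismatch=no"
            print status " built=" b[2] " running=" r[2] mismatch
        }'
}

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_OLD" | tls13_report
printf '%s\n' "$SAMPLE_NEW" | tls13_report
```

On a real host the input would come from `haproxy -vv | tls13_report`.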
