Re: TLS 1.3 protocol question

2020-03-14 Thread Kaushal Shriyan
Thank you for the clarification.

On Sun, Mar 15, 2020 at 1:23 AM Salz, Rich  wrote:

> The TLS RFC describes the “bytes on the wire” – the syntax for how client
> and server communicate, and the semantics of those exchanges.
>
> Is it a specification or standard?  Yup, both.
>
> Is OpenSSL an implementation of the spec?  Yup.
>
> What language is used in the spec?  It’s described in the RFC; see
> “presentation language”.
>


Re: TLS version 1.3 in Production servers.

2020-03-14 Thread Kaushal Shriyan
Thanks Rich Salz for the email. Further to your email, I will appreciate it
if you can point me to suggested and recommended online books to understand
cryptography. I look forward to hearing from you. Thanks in advance.

Best Regards,

On Sat, Mar 14, 2020 at 7:13 PM Salz, Rich  wrote:

> > Please suggest me books or tutorials to understand OpenSSL and TLS
> > cryptographic protocol in detail. I look forward to hearing from you.
> > Thanks in advance.
>
> Start with the RFCs, then look for crypto basics – there are free books
> online.
>


Re: TLS 1.3 protocol question

2020-03-14 Thread Salz, Rich via openssl-users
The TLS RFC describes the “bytes on the wire” – the syntax for how client and 
server communicate, and the semantics of those exchanges.

Is it a specification or standard?  Yup, both.

Is OpenSSL an implementation of the spec?  Yup.

What language is used in the spec?  It’s described in the RFC; see “presentation
language”.



TLS 1.3 protocol question

2020-03-14 Thread Kaushal Shriyan
Hi,

I have been going through RFCs regarding the TLS version 1.3 protocol. I
am curious to know does it mean that the TLS version 1.3 protocol is a
specification or standard to communicate between client and server? And
OpenSSL is a cryptography library to implement TLS version 1.3 protocol?
What is the programming language used for the specification of the TLS
version 1.3 protocol?

Please correct me if I am asking any questions which are irrelevant. Thanks
in advance and I look forward to hearing from you.

Best Regards,

Kaushal


Re: TLS version 1.3 in Production servers.

2020-03-14 Thread Salz, Rich via openssl-users
> Please suggest me books or tutorials to understand OpenSSL and TLS 
> cryptographic protocol in detail. I look forward to hearing from you. Thanks 
> in advance.

Start with the RFCs, then look for crypto basics – there are free books online.


Re: TLS version 1.3 in Production servers.

2020-03-14 Thread Kaushal Shriyan
On Sat, Mar 14, 2020 at 6:32 PM Salz, Rich  wrote:

> - I am reading this article
>   https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3
>   I have a followup question regarding TLS version 1.3. Can we use it in
>   production servers or it is good to be on TLS version 1.2? I look forward
>   to hearing from you.
>
> There are no problems with the protocol; it has had extensive analysis.
> There are no known implementation bugs, but of course that doesn’t mean
> there are none.  Most browsers will use TLS 1.3 if the server supports it.
> Many big websites or providers use it.  Go ahead. It does a smidgen more
> crypto work, but client/server latency is reduced.
>
> As for TLS 1.2, it has not had as much analysis, but has no known protocol
> flaws. It is also considered safe to use.
>
> Do not use TLS 1.1, TLS 1.0 or SSL 3.
>

Thanks Rich Salz for the explanation and much appreciated. Please suggest
me books or tutorials to understand OpenSSL and TLS cryptographic protocol
in detail. I look forward to hearing from you. Thanks in advance.

Best Regards,

Kaushal


Re: TLS version 1.3 in Production servers.

2020-03-14 Thread Salz, Rich via openssl-users
  *   I am reading this article
      https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3
      I have a followup question regarding TLS version 1.3. Can we use it in
      production servers or it is good to be on TLS version 1.2? I look forward to
      hearing from you.

There are no problems with the protocol; it has had extensive analysis. There 
are no known implementation bugs, but of course that doesn’t mean there are 
none.  Most browsers will use TLS 1.3 if the server supports it. Many big 
websites or providers use it.  Go ahead. It does a smidgen more crypto work, 
but client/server latency is reduced.

As for TLS 1.2, it has not had as much analysis, but has no known protocol 
flaws. It is also considered safe to use.

Do not use TLS 1.1, TLS 1.0 or SSL 3.
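
As an added illustration of two points from this thread (the RFC defines the bytes on the wire, and nothing below TLS 1.2 should be accepted), the Python below parses a ClientHello laid out as in RFC 8446 section 4.1.2 and checks the versions it offers. It is not from the thread or from OpenSSL; the function names and both sample messages are constructed for this example.

```python
KNOWN = {0x0300, 0x0301, 0x0302, 0x0303, 0x0304}   # SSL 3 through TLS 1.3
MIN_ACCEPTED = 0x0303                              # floor from the thread: TLS 1.2

class Reader:  # cursor over bytes that raises on truncated input
    def __init__(self, data):
        self.data, self.pos = data, 0
    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated message")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def uint(self, n):
        return int.from_bytes(self.take(n), "big")
    def vector(self, len_bytes):  # length-prefixed field, as in the RFC's notation
        return Reader(self.take(self.uint(len_bytes)))
    def left(self):
        return len(self.data) - self.pos

def offered_versions(record):
    """Return the protocol versions offered by the ClientHello in one record."""
    rec = Reader(record)
    if rec.uint(1) != 0x16:
        raise ValueError("not a handshake record")
    rec.take(2)                    # legacy_record_version
    hs = rec.vector(2)             # record payload
    if hs.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    body = hs.vector(3)
    legacy_version = body.uint(2)
    body.take(32)                  # random
    body.vector(1)                 # legacy_session_id
    body.vector(2)                 # cipher_suites
    body.vector(1)                 # legacy_compression_methods
    exts = body.vector(2) if body.left() else Reader(b"")
    while exts.left():
        ext_type, ext = exts.uint(2), exts.vector(2)
        if ext_type == 43:         # supported_versions
            versions = ext.vector(1)
            return [versions.uint(2) for _ in range(versions.left() // 2)]
    return [legacy_version]        # no extension: legacy_version is the client's maximum

def meets_floor(record):  # True when the best recognised offer is TLS 1.2 or newer
    known = [v for v in offered_versions(record) if v in KNOWN]  # skips GREASE values
    return bool(known) and max(known) >= MIN_ACCEPTED

# Constructed sample records (not captures): a TLS 1.3 client and a TLS 1.0-only client.
TLS13_HELLO = (bytes.fromhex("160301003a010000360303") + bytes(32)
               + bytes.fromhex("00000213010100000b002b0007067a7a03040303"))
TLS10_HELLO = (bytes.fromhex("160301002d010000290301") + bytes(32)
               + bytes.fromhex("000002002f0100"))
```

A TLS 1.3 client still sends 0x0303 in `legacy_version`, so only the `supported_versions` extension shows what it really offers.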