Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-03-28 Thread Emeric Brun
Hi Lukas,

>
> FYI OpenSSL did a 180 on this, they are implemented a new API call to
> set TLSv1.3 ciphers and enable them by default:
>
> https://github.com/mattcaswell/openssl/commit/d93e832a82087a5f9bcf7d93ed7ae21bc6c1fed0
>
>

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-03-28 Thread Lukas Tribus
Hello Emeric,

On 12 January 2018 at 15:57, Emeric Brun wrote:
> Hi All,
>
> FYI: upgrading to next openssl-1.1.1 could break your prod if you're using a
> forced cipher list because
> handshake will fail regardless the tls protocol version if you don't specify
> a cipher

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-14 Thread Lukas Tribus
Hello, On 13 January 2018 at 20:57, Pavlos Parissis wrote: > On 13/01/2018 04:22 μμ, Lukas Tribus wrote: >> Hello, >> >> >> On 13 January 2018 at 15:17, Pavlos Parissis >> wrote: Not exactly, the moment you force a cipher list that

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-13 Thread Pavlos Parissis
On 13/01/2018 04:22 μμ, Lukas Tribus wrote:
> Hello,
>
>
> On 13 January 2018 at 15:17, Pavlos Parissis
> wrote:
>>> Not exactly, the moment you force a cipher list that does not include a
>>> TLSv1.3 cipher in the server side (which has TLSv1.3 enabled) the TLS
>>>

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-13 Thread Lukas Tribus
Hello,

On 13 January 2018 at 15:17, Pavlos Parissis wrote:
>> Not exactly, the moment you force a cipher list that does not include a
>> TLSv1.3 cipher in the server side (which has TLSv1.3 enabled) the TLS
>> handshake will break regardless of what is in the Client

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-13 Thread Pavlos Parissis
On 13/01/2018 01:22 μμ, Moemen MHEDHBI wrote:
> Hi Pavlos,
>
>
> On 12/01/2018 22:53, Pavlos Parissis wrote:
>> On 12/01/2018 03:57 μμ, Emeric Brun wrote:
>>> Hi All,
>>>
>>> FYI: upgrading to next openssl-1.1.1 could break your prod if you're using
>>> a forced cipher list because
>>>

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-13 Thread Moemen MHEDHBI
Hi Pavlos,

On 12/01/2018 22:53, Pavlos Parissis wrote:
> On 12/01/2018 03:57 μμ, Emeric Brun wrote:
>> Hi All,
>>
>> FYI: upgrading to next openssl-1.1.1 could break your prod if you're using a
>> forced cipher list because
>> handshake will fail regardless the tls protocol version if you don't

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-12 Thread Gibson, Brian (IMS)
2, 2018 4:55 PM To: Emeric Brun; haproxy@formilux.org Subject: Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions . On 12/01/2018 03:57 μμ, Emeric Brun wrote: > Hi All, > > FYI: upgrading to next openssl-1.1.1

Re: Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-12 Thread Pavlos Parissis
On 12/01/2018 03:57 μμ, Emeric Brun wrote:
> Hi All,
>
> FYI: upgrading to next openssl-1.1.1 could break your prod if you're using a
> forced cipher list because
> handshake will fail regardless the tls protocol version if you don't specify
> a cipher valid for TLSv1.3
> in your cipher list.
>

Warning: upgrading to openssl master+ enable_tls1_3 (coming v1.1.1) could break handshakes for all protocol versions .

2018-01-12 Thread Emeric Brun
Hi All,

FYI: upgrading to next openssl-1.1.1 could break your prod if you're using a forced cipher list because handshake will fail regardless the tls protocol version if you don't specify a cipher valid for TLSv1.3 in your cipher list.

https://github.com/openssl/openssl/issues/5057