Re: [openssl-dev] ETA: TLS 1.3 release

2017-04-19 Thread Stefan Eissing

> On 19.04.2017 at 14:14, Salz, Rich via openssl-dev wrote:
> 
>> Out of curiosity, what's the ETA for TLS 1.3?
>> [1] mentions April 5 as the release date (which was two weeks ago).
>> 
>> [1]: https://blogs.akamai.com/2017/01/tls-13-ftw.html
> 
> That's an akamai blog, not an openssl statement :)  And that post is 
> misleading, it should have said "available" not "released."

Ok, let me announce then that Apache httpd also has TLSv1.3 support 
"available". But our code is in trunk and 2.4.x.

;-P

-Stefan

> 
> The code is in master.
> 
> No date on a specific openssl release yet.
> -- 
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev



[openssl-dev] SNI/ALPN ordering

2015-06-17 Thread Stefan Eissing

*NOT A SECURITY ISSUE*

That out of the way: while debugging my HTTP/2 module for Apache httpd, I see 
that the callback for SNI seems to be invoked *after* the callback for ALPN had 
been called (OpenSSL 1.0.2c). Can this be correct? Is there anything to 
influence this ordering?

My issue is that the proposed ALPN protocols depend on the virtual host the 
client wants to talk to. So, the observed order poses a bit of a problem. The 
code *can* check the server name via SSL_get_servername() and the correct name 
is reported. However this is not how it is supposed to work, right?

Again, if there is anything influencing the order of the callback invocation, 
I'd be willing to adapt. Otherwise, I think, the order needs to be defined in 
the OpenSSL API and it should be SNI before ALPN. 

Cheers,

  Stefan


green/bytes GmbH
Hafenweg 16, 48155 Münster, Germany
Phone: +49 251 2807760. Amtsgericht Münster: HRB5782
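
The per-virtual-host ALPN choice discussed in the message above, as an added example that is not part of the original post and is not Apache httpd or OpenSSL code: a self-contained C routine that an OpenSSL ALPN selection callback could call with the name returned by SSL_get_servername(), so the result does not depend on whether the SNI callback has already run. The vhost table, the host names and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical per-vhost ALPN policy; host names are constructed. */
struct vhost_alpn {
    const char *name;       /* SNI host name; NULL marks the default vhost */
    const char *protos[3];  /* server preference order, NULL-terminated */
};

static const struct vhost_alpn VHOSTS[] = {
    { "h2.example.test",     { "h2", "http/1.1", NULL } },
    { "legacy.example.test", { "http/1.1", NULL } },
    { NULL,                  { "http/1.1", NULL } },
};

/* No SNI or an unknown name falls through to the default entry.
 * Assumes the caller has already lower-cased the name. */
static const struct vhost_alpn *find_vhost(const char *sni)
{
    const struct vhost_alpn *v = VHOSTS;
    for (; v->name != NULL; v++)
        if (sni != NULL && strcmp(sni, v->name) == 0)
            return v;
    return v;
}

/* Choose from the client's ALPN list `in` (wire format: one length byte,
 * then that many bytes, repeated) using the preferences of the vhost named
 * by `sni`. Returns 0 and points *out / *outlen into `in` on success,
 * -1 if the list is malformed or nothing overlaps. */
int select_alpn_for_vhost(const char *sni, const unsigned char *in,
                          size_t inlen, const unsigned char **out,
                          unsigned char *outlen)
{
    const struct vhost_alpn *v = find_vhost(sni);
    size_t i, n;
    /* Validate the whole list first: no empty or truncated entries. */
    for (i = 0; i < inlen; i += 1 + (size_t)in[i])
        if (in[i] == 0 || in[i] > inlen - i - 1)
            return -1;
    for (n = 0; v->protos[n] != NULL; n++) {
        size_t plen = strlen(v->protos[n]);
        for (i = 0; i < inlen; i += 1 + (size_t)in[i])
            if (in[i] == plen && memcmp(in + i + 1, v->protos[n], plen) == 0) {
                *out = in + i + 1;
                *outlen = in[i];
                return 0;
            }
    }
    return -1;
}
```

A return of -1 would map to refusing the protocol negotiation in the callback rather than silently picking a protocol the virtual host does not serve.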


