Closed Bug 1374693 Opened 7 years ago Closed 6 years ago

Can't enable TLS 1.3 because Firefox only support draft 18?

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: yctung, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36

Steps to reproduce:

Is there anyway to enable TLS 1.3 draft 20 in Firefox (or Nightly)?

I have tried using Firefox Nightly (the only browser having both TLS 1.3 and 0RTT resumption) to test my TLS1.3 server built with nghttp2. However, I noticed the TLS 1.3 is never being used since the Firefox implementation only supports TLS 1.3 draft 18 while servers usually have draft 20 now. 

PS. I have ensured the tls.max is equal to 4


Actual results:

No TLS 1.3 is established when I connect Firefox to my TLS 1.3 server (draft 20)


Expected results:

Is there any "development" build of Firefox supporting TLS 1.3 draft 20 or even 19?
Assignee: nobody → nobody
Component: Untriaged → Libraries
Product: Firefox → NSS
Version: 55 Branch → other
We have a development build of -20 for NSS, but we haven't built it into Firefox. The issue is OpenSSL has -20 but BoringSSL and Cloudflare and Facebook are -18, so we will probably wait for a bit.
Hi Eric,

Thank you for the reply. I feel surprised that Cloudflare is using -18 as well. I have tried to run their TLS 1.3 demo at: https://blog.cloudflare.com/introducing-0-rtt/ but the websites think the TLS 1.3 is not supported in my browser (Nightly).

Yu-Chih
Blocked until we can merge the -20 branch.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Firefox Nightly currently supports draft 28 and the final TLS 1.3 should come in the next days.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.