Can't enable TLS 1.3 because Firefox only support draft 18?

NEW
Unassigned

Status

NSS
Libraries
P3
normal
8 months ago
5 months ago

People

(Reporter: yctung, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 months ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36

Steps to reproduce:

Is there anyway to enable TLS 1.3 draft 20 in Firefox (or Nightly)?

I have tried using Firefox Nightly (the only browser having both TLS 1.3 and 0RTT resumption) to test my TLS1.3 server built with nghttp2. However, I noticed the TLS 1.3 is never being used since the Firefox implementation only supports TLS 1.3 draft 18 while servers usually have draft 20 now. 

PS. I have ensured the tls.max is equal to 4


Actual results:

No TLS 1.3 is established when I connect Firefox to my TLS 1.3 server (draft 20)


Expected results:

Is there any "development" build of Firefox supporting TLS 1.3 draft 20 or even 19?

Updated

8 months ago
Assignee: nobody → nobody
Component: Untriaged → Libraries
Product: Firefox → NSS
Version: 55 Branch → other

Comment 1

8 months ago
We have a development build of -20 for NSS, but we haven't built it into Firefox. The issue is OpenSSL has -20 but BoringSSL and Cloudflare and Facebook are -18, so we will probably wait for a bit.
(Reporter)

Comment 2

8 months ago
Hi Eric,

Thank you for the reply. I feel surprised that Cloudflare is using -18 as well. I have tried to run their TLS 1.3 demo at: https://blog.cloudflare.com/introducing-0-rtt/ but the websites think the TLS 1.3 is not supported in my browser (Nightly).

Yu-Chih
Blocked until we can merge the -20 branch.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.