Closed
Bug 1483129
Opened 6 years ago
Closed 6 years ago
Enable the TLS 1.3 final version number
Categories
(NSS :: Libraries, enhancement)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.39
People
(Reporter: mt, Assigned: mt)
References
Details
Now that RFC 8446 has happened, we should use the final version number. We need to retain the ability to version DTLS, so that will need some care. There are also reports of the downgrade protection in TLS 1.3 being fragile in some deployments. We haven't tested that (we couldn't), so we'll probably need some sort of control on that so that we can either roll it out progressively, or back out that bit if necessary.
Comment 2•6 years ago
|
||
When the downgrade protection is a problem even though we no longer fallback to lower versions anyway?
Comment 3•6 years ago
|
||
Looks like Chromium has support in place for Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.42 Safari/537.36 as that has hit www.tls13.net neatly. Firefox nightly must be close.
I think that was my client. I'm using Chromium Beta patched with the latest boringssl and https://chromium-review.googlesource.com/c/chromium/src/+/1172504 . Sorry for the confusion :)
Comment 5•6 years ago
|
||
Looks like a clean web agent GET and no errors and that means it works. Nothing else has.
Assignee | ||
Comment 6•6 years ago
|
||
https://hg.mozilla.org/projects/nss/rev/ee357b00f2e6c44589dcd406097357888d59ef06
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.39
Comment 7•6 years ago
|
||
This is NOT resolved. The very latest nightly Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0 Built from https://hg.mozilla.org/mozilla-central/rev/e4e2245fc1428c33db179ca2f242b922ad988d79 does not work. Can NOT reach site www.tls13.net which does run the actual TLS 1.3 protocol and has been checked with openssl s_client.
Assignee | ||
Comment 8•6 years ago
|
||
Dennis, this is not a Firefox bug. The fix will be in Firefox when NSS is next integrated there. Be patient.
Comment 9•6 years ago
|
||
Well things are working like a charm now with rev/b75561ff5ffec3164338952adfe58620e5e3bc1d
You need to log in
before you can comment on or make changes to this bug.
Description
•