TLS 1.3 Not working on some sites Topic is solved

Support and discussions for the x86/x64 Linux version of Pale Moon.

Moderators: trava90, satrow

User avatar
suffix
Newbie
Newbie
Posts: 4
Joined: Fri, 26 Oct 2018, 08:01
Location: Russia
Contact:

TLS 1.3 Not working on some sites

Unread postby suffix » Fri, 26 Oct 2018, 08:14

1. Pale moon 28.1.0, Ubuntu 18.04

2. Facebook.com show TLS 1.3

3. www.babai.ru show only TLS 1.2

But Crome 70, Firefox 63, htbridge - https://www.htbridge.com/ssl/?id=kqokkuK1, ssllabs - https://www.ssllabs.com/ssltest/analyze.html?d=www.babai.ru&s=185.158.115.215 show TLS 1.3

User avatar
suffix
Newbie
Newbie
Posts: 4
Joined: Fri, 26 Oct 2018, 08:01
Location: Russia
Contact:

Re: TLS 1.3 Not working on some sites

Unread postby suffix » Tue, 30 Oct 2018, 16:21

Is it just that I have one? Or is it not a mistake?

User avatar
therube
Astronaut
Astronaut
Posts: 644
Joined: Fri, 08 Jun 2018, 17:02

Re: TLS 1.3 Not working on some sites

Unread postby therube » Tue, 30 Oct 2018, 16:27

Don't really know, but it may have to do with the draft version level of TLS 1.3 that ships with PM vs what other browsers may have?

(Offhand not sure which draft version is in 28.1.0?
FF 61 was at draft 28. Not sure of more recent FF?)

User avatar
JustOff
Localization Coordinator
Localization Coordinator
Posts: 1549
Joined: Thu, 03 Sep 2015, 19:47
Location: UA
Contact:

Re: TLS 1.3 Not working on some sites

Unread postby JustOff » Tue, 30 Oct 2018, 20:34

At the moment Pale Moon supports Draft 28 via NSS 3.38, while for RFC 8446 we need NSS 3.39 shipped with Firefox 63. I believe this will be addressed by Moonchild in due time.
Here are the add-ons I made in a spare time. That was fun!

roytam1
Fanatic
Fanatic
Posts: 141
Joined: Wed, 11 Mar 2015, 07:01
Location: Hong Kong

Re: TLS 1.3 Not working on some sites

Unread postby roytam1 » Tue, 30 Oct 2018, 23:36

NSS 3.39 will break sites that is using older TLS 1.3 draft library ( see https://bugzilla.mozilla.org/show_bug.cgi?id=1488240 )

User avatar
JustOff
Localization Coordinator
Localization Coordinator
Posts: 1549
Joined: Thu, 03 Sep 2015, 19:47
Location: UA
Contact:

Re: TLS 1.3 Not working on some sites

Unread postby JustOff » Wed, 31 Oct 2018, 01:19

You are wrong, that was not NSS problem, and now it is resolved on the CDN side.
Here are the add-ons I made in a spare time. That was fun!

roytam1
Fanatic
Fanatic
Posts: 141
Joined: Wed, 11 Mar 2015, 07:01
Location: Hong Kong

Re: TLS 1.3 Not working on some sites

Unread postby roytam1 » Wed, 31 Oct 2018, 01:56

JustOff wrote:You are wrong, that was not NSS problem, and now it is resolved on the CDN side.

This happens because NSS can't select TLS 1.3 draft version, unlike chrome.
I don't say "this is a bug of NSS", just an observation. You can't ensure every sites/CDNs will update their crypto library in time.

User avatar
suffix
Newbie
Newbie
Posts: 4
Joined: Fri, 26 Oct 2018, 08:01
Location: Russia
Contact:

Re: TLS 1.3 Not working on some sites

Unread postby suffix » Wed, 31 Oct 2018, 06:09

Stop. Stop. Stop. This cannot be due to draft 28 or final version of TLS 1.3.

I indicated in the first message that Pale moon 28.1.0 sees TLS 1.3 on facebook.com.

Facebook.com support final version TLS 1.3 as my site (https://www.babai.ru).

But on my site Palee moon see only TLS 1.2

The problem is something else
Last edited by suffix on Wed, 31 Oct 2018, 06:10, edited 2 times in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 22326
Joined: Sun, 28 Aug 2011, 17:27
Location: 58.5°N 15.5°E
Contact:

Re: TLS 1.3 Not working on some sites

Unread postby Moonchild » Wed, 31 Oct 2018, 06:32

suffix wrote:The problem is something else

The problem is you're being too impatient for a standard that is still settling and support for which is still experimental and being rolled out world-wide.
Improving Mozilla code: You know you're on the right track with code changes when you spend the majority of your time deleting code.

"If you want to build a better world for yourself, you have to be willing to build one for everybody." -- Coyote Osborne

Take note: 23 November is Wolfenoot! Eat roast meat and/or cake decorated like the full moon. #wolfenoot

User avatar
JustOff
Localization Coordinator
Localization Coordinator
Posts: 1549
Joined: Thu, 03 Sep 2015, 19:47
Location: UA
Contact:

Re: TLS 1.3 Not working on some sites  Topic is solved

Unread postby JustOff » Wed, 31 Oct 2018, 16:33

Since more than a week has passed since the release of Firefox 63 and no one publicly reported on any serious incidents with SSL, I created a private build of Pale Moon 28.1.0 + NSS 3.39 and switch to it as a primary browser for testing from today.

https://tls13.crypto.mozilla.org - TLS 1.3 (AES-GCM, 128bit)
https://tls13.pinterjann.is - TLS 1.3 (AES-GCM, 256bit)
https://enabled.tls13.com - TLS 1.3 (AES-GCM, 128bit)
https://tls.ctf.network - TLS 1.3 (AES-GCM, 128bit)
https://swifttls.org - TLS 1.3 (AES-GCM, 128bit)

https://www.facebook.com - TLS 1.3 (AES-GCM, 128bit)
https://www.cloudflare.com - TLS 1.3 (AES-GCM, 128bit)
https://abs.twimg.com - TLS 1.3 (AES-GCM, 256bit)
https://www.babai.ru - TLS 1.3 (AES-GCM, 256bit)
Here are the add-ons I made in a spare time. That was fun!

User avatar
therube
Astronaut
Astronaut
Posts: 644
Joined: Fri, 08 Jun 2018, 17:02

Re: TLS 1.3 Not working on some sites

Unread postby therube » Wed, 31 Oct 2018, 17:57

So, what, you took the nss*.* files from a FF 63 install, copying those, overwriting existing in PM install, & with that www.babai.ru comes up as 1.3?

If so, then its just a matter of waiting for PM to update its TLS version to 1.3 release spec.

User avatar
JustOff
Localization Coordinator
Localization Coordinator
Posts: 1549
Joined: Thu, 03 Sep 2015, 19:47
Location: UA
Contact:

Re: TLS 1.3 Not working on some sites

Unread postby JustOff » Wed, 31 Oct 2018, 19:13

therube wrote:So, what, you took the nss*.* files from a FF 63 install, copying those, overwriting existing in PM install, & with that http://www.babai.ru comes up as 1.3?

It does not work this way, everything should be compiled from sources. The rest is correct.

If so, then its just a matter of waiting for PM to update its TLS version to 1.3 release spec.

Yes, when Moonchild decides that it is time to update the NSS library.
Here are the add-ons I made in a spare time. That was fun!

User avatar
seifhd
Newbie
Newbie
Posts: 3
Joined: Sat, 10 Nov 2018, 01:04

Re: TLS 1.3 Not working on some sites

Unread postby seifhd » Sat, 10 Nov 2018, 01:09

So, what, you took the nss

User avatar
seifhd
Newbie
Newbie
Posts: 3
Joined: Sat, 10 Nov 2018, 01:04

Re: TLS 1.3 Not working on some sites

Unread postby seifhd » Mon, 12 Nov 2018, 11:58

yeah !!!

thank you..


Return to “Pale Moon for Linux”

Who is online

Users browsing this forum: No registered users and 11 guests