TLS 1.3 Not working on some sites Topic is solved
Moderator: trava90
TLS 1.3 Not working on some sites
1. Pale Moon 28.1.0, Ubuntu 18.04
2. Facebook.com shows TLS 1.3
3. www.babai.ru shows only TLS 1.2
But Chrome 70, Firefox 63, htbridge - https://www.htbridge.com/ssl/?id=kqokkuK1, ssllabs - https://www.ssllabs.com/ssltest/analyze.html?d=www.babai.ru&s=185.158.115.215 show TLS 1.3
Re: TLS 1.3 Not working on some sites
Is it just that I have one? Or is it not a mistake?
Re: TLS 1.3 Not working on some sites
Don't really know, but it may have to do with the draft version level of TLS 1.3 that ships with PM vs what other browsers may have?
(Offhand not sure which draft version is in 28.1.0?
FF 61 was at draft 28. Not sure of more recent FF?)
Re: TLS 1.3 Not working on some sites
At the moment Pale Moon supports Draft 28 via NSS 3.38, while for RFC 8446 we need NSS 3.39 shipped with Firefox 63. I believe this will be addressed by Moonchild in due time.
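Added example (not part of the post above, and not Pale Moon or NSS code): a minimal Python model of TLS 1.3 version negotiation through the ClientHello `supported_versions` extension, showing how a client that only knows draft 28 (code point 0x7f1c) can get TLS 1.3 from one server and TLS 1.2 from another. The client offers and server version lists are constructed assumptions, not captures from the sites named in this thread.

```python
import struct

TLS12, TLS13_FINAL, TLS13_DRAFT28 = 0x0303, 0x0304, 0x7F1C  # drafts used 0x7f00 | draft number
NAMES = {TLS12: "TLS 1.2", TLS13_FINAL: "TLS 1.3 (RFC 8446)", TLS13_DRAFT28: "TLS 1.3 (draft 28)"}

# Constructed offers and server configurations (assumptions for illustration).
DRAFT28_CLIENT = [TLS13_DRAFT28, TLS12]
RFC8446_CLIENT = [TLS13_FINAL, TLS12]
FINAL_ONLY_SERVER = [TLS13_FINAL, TLS12]
DUAL_SERVER = [TLS13_FINAL, TLS13_DRAFT28, TLS12]


def encode_supported_versions(versions):
    """ClientHello supported_versions body: 1-byte list length, then 2-byte versions."""
    body = b"".join(struct.pack("!H", v) for v in versions)
    return struct.pack("!B", len(body)) + body


def parse_supported_versions(ext):
    """Return the offered versions, rejecting truncated or odd-length lists."""
    if len(ext) < 3 or ext[0] != len(ext) - 1 or ext[0] % 2:
        raise ValueError("malformed supported_versions extension")
    return [struct.unpack_from("!H", ext, i)[0] for i in range(1, len(ext), 2)]


def server_select(ext, server_versions):
    """Server side: take the first version in its own preference order that the
    client offered; code points it does not know are simply never matched."""
    offered = set(parse_supported_versions(ext))
    return next((v for v in server_versions if v in offered), None)


def negotiate(client_versions, server_versions):
    chosen = server_select(encode_supported_versions(client_versions), server_versions)
    return NAMES.get(chosen, "no common version")


if __name__ == "__main__":
    for label, client in (("draft-28 client", DRAFT28_CLIENT), ("RFC 8446 client", RFC8446_CLIENT)):
        for srv_label, server in (("final-only server", FINAL_ONLY_SERVER), ("dual server", DUAL_SERVER)):
            print(f"{label} -> {srv_label}: {negotiate(client, server)}")
```

The draft-28 client against the final-only server ends up on TLS 1.2 because 0x7f1c and 0x0304 are different code points and TLS 1.2 is the only value both sides list.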
Re: TLS 1.3 Not working on some sites
NSS 3.39 will break sites that are using an older TLS 1.3 draft library (see https://bugzilla.mozilla.org/show_bug.cgi?id=1488240)
Re: TLS 1.3 Not working on some sites
You are wrong, that was not an NSS problem, and now it is resolved on the CDN side.
Re: TLS 1.3 Not working on some sites
JustOff wrote: You are wrong, that was not NSS problem, and now it is resolved on the CDN side.
This happens because NSS can't select the TLS 1.3 draft version, unlike Chrome.
I don't say "this is a bug of NSS", just an observation. You can't ensure all sites/CDNs will update their crypto library in time.
Re: TLS 1.3 Not working on some sites
Stop. Stop. Stop. This cannot be due to draft 28 or the final version of TLS 1.3.
I indicated in the first message that Pale Moon 28.1.0 sees TLS 1.3 on facebook.com.
Facebook.com supports the final version of TLS 1.3, as does my site (https://www.babai.ru).
But on my site Pale Moon sees only TLS 1.2.
The problem is something else.
Last edited by suffix on 2018-10-31, 06:10, edited 2 times in total.
Re: TLS 1.3 Not working on some sites
suffix wrote: The problem is something else
The problem is you're being too impatient for a standard that is still settling and support for which is still experimental and being rolled out world-wide.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: TLS 1.3 Not working on some sites
Since more than a week has passed since the release of Firefox 63 and no one has publicly reported any serious incidents with SSL, I created a private build of Pale Moon 28.1.0 + NSS 3.39 and switched to it as my primary browser for testing from today.
https://tls13.crypto.mozilla.org - TLS 1.3 (AES-GCM, 128bit)
https://tls13.pinterjann.is - TLS 1.3 (AES-GCM, 256bit)
https://enabled.tls13.com - TLS 1.3 (AES-GCM, 128bit)
https://tls.ctf.network - TLS 1.3 (AES-GCM, 128bit)
https://swifttls.org - TLS 1.3 (AES-GCM, 128bit)
https://www.facebook.com - TLS 1.3 (AES-GCM, 128bit)
https://www.cloudflare.com - TLS 1.3 (AES-GCM, 128bit)
https://abs.twimg.com - TLS 1.3 (AES-GCM, 256bit)
https://www.babai.ru - TLS 1.3 (AES-GCM, 256bit)
Re: TLS 1.3 Not working on some sites
So, what, you took the nss*.* files from a FF 63 install, copying those, overwriting existing in PM install, & with that www.babai.ru comes up as 1.3?
If so, then it's just a matter of waiting for PM to update its TLS version to 1.3 release spec.
Re: TLS 1.3 Not working on some sites
therube wrote: So, what, you took the nss*.* files from a FF 63 install, copying those, overwriting existing in PM install, & with that http://www.babai.ru comes up as 1.3?
It does not work this way, everything should be compiled from sources. The rest is correct.
therube wrote: If so, then it's just a matter of waiting for PM to update its TLS version to 1.3 release spec.
Yes, when Moonchild decides that it is time to update the NSS library.