TLS 1.3 Not working on some sites Topic is solved

Users and developers helping users with generic and technical Pale Moon issues on all operating systems.

Moderator: trava90

Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
suffix

TLS 1.3 Not working on some sites

Unread post by suffix » 2018-10-26, 08:14

1. Pale moon 28.1.0, Ubuntu 18.04

2. Facebook.com show TLS 1.3

3. www.babai.ru show only TLS 1.2

But Crome 70, Firefox 63, htbridge - https://www.htbridge.com/ssl/?id=kqokkuK1, ssllabs - https://www.ssllabs.com/ssltest/analyze.html?d=www.babai.ru&s=185.158.115.215 show TLS 1.3

suffix

Re: TLS 1.3 Not working on some sites

Unread post by suffix » 2018-10-30, 16:21

Is it just that I have one? Or is it not a mistake?

User avatar
therube
Board Warrior
Board Warrior
Posts: 1650
Joined: 2018-06-08, 17:02

Re: TLS 1.3 Not working on some sites

Unread post by therube » 2018-10-30, 16:27

Don't really know, but it may have to do with the draft version level of TLS 1.3 that ships with PM vs what other browsers may have?

(Offhand not sure which draft version is in 28.1.0?
FF 61 was at draft 28. Not sure of more recent FF?)

JustOff

Re: TLS 1.3 Not working on some sites

Unread post by JustOff » 2018-10-30, 20:34

At the moment Pale Moon supports Draft 28 via NSS 3.38, while for RFC 8446 we need NSS 3.39 shipped with Firefox 63. I believe this will be addressed by Moonchild in due time.

roytam1

Re: TLS 1.3 Not working on some sites

Unread post by roytam1 » 2018-10-30, 23:36

NSS 3.39 will break sites that is using older TLS 1.3 draft library ( see https://bugzilla.mozilla.org/show_bug.cgi?id=1488240 )

JustOff

Re: TLS 1.3 Not working on some sites

Unread post by JustOff » 2018-10-31, 01:19

You are wrong, that was not NSS problem, and now it is resolved on the CDN side.

roytam1

Re: TLS 1.3 Not working on some sites

Unread post by roytam1 » 2018-10-31, 01:56

JustOff wrote:You are wrong, that was not NSS problem, and now it is resolved on the CDN side.
This happens because NSS can't select TLS 1.3 draft version, unlike chrome.
I don't say "this is a bug of NSS", just an observation. You can't ensure every sites/CDNs will update their crypto library in time.

suffix

Re: TLS 1.3 Not working on some sites

Unread post by suffix » 2018-10-31, 06:09

Stop. Stop. Stop. This cannot be due to draft 28 or final version of TLS 1.3.

I indicated in the first message that Pale moon 28.1.0 sees TLS 1.3 on facebook.com.

Facebook.com support final version TLS 1.3 as my site (https://www.babai.ru).

But on my site Palee moon see only TLS 1.2

The problem is something else
Last edited by suffix on 2018-10-31, 06:10, edited 2 times in total.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: TLS 1.3 Not working on some sites

Unread post by Moonchild » 2018-10-31, 06:32

suffix wrote:The problem is something else
The problem is you're being too impatient for a standard that is still settling and support for which is still experimental and being rolled out world-wide.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

JustOff

Re: TLS 1.3 Not working on some sites

Unread post by JustOff » 2018-10-31, 16:33

Since more than a week has passed since the release of Firefox 63 and no one publicly reported on any serious incidents with SSL, I created a private build of Pale Moon 28.1.0 + NSS 3.39 and switch to it as a primary browser for testing from today.

https://tls13.crypto.mozilla.org - TLS 1.3 (AES-GCM, 128bit)
https://tls13.pinterjann.is - TLS 1.3 (AES-GCM, 256bit)
https://enabled.tls13.com - TLS 1.3 (AES-GCM, 128bit)
https://tls.ctf.network - TLS 1.3 (AES-GCM, 128bit)
https://swifttls.org - TLS 1.3 (AES-GCM, 128bit)

https://www.facebook.com - TLS 1.3 (AES-GCM, 128bit)
https://www.cloudflare.com - TLS 1.3 (AES-GCM, 128bit)
https://abs.twimg.com - TLS 1.3 (AES-GCM, 256bit)
https://www.babai.ru - TLS 1.3 (AES-GCM, 256bit)

User avatar
therube
Board Warrior
Board Warrior
Posts: 1650
Joined: 2018-06-08, 17:02

Re: TLS 1.3 Not working on some sites

Unread post by therube » 2018-10-31, 17:57

So, what, you took the nss*.* files from a FF 63 install, copying those, overwriting existing in PM install, & with that www.babai.ru comes up as 1.3?

If so, then its just a matter of waiting for PM to update its TLS version to 1.3 release spec.

JustOff

Re: TLS 1.3 Not working on some sites

Unread post by JustOff » 2018-10-31, 19:13

therube wrote:So, what, you took the nss*.* files from a FF 63 install, copying those, overwriting existing in PM install, & with that http://www.babai.ru comes up as 1.3?
It does not work this way, everything should be compiled from sources. The rest is correct.
If so, then its just a matter of waiting for PM to update its TLS version to 1.3 release spec.
Yes, when Moonchild decides that it is time to update the NSS library.

seifhd

Re: TLS 1.3 Not working on some sites

Unread post by seifhd » 2018-11-10, 01:09

So, what, you took the nss

seifhd

Re: TLS 1.3 Not working on some sites

Unread post by seifhd » 2018-11-12, 11:58

yeah !!!

thank you..

suffix

Re: TLS 1.3 Not working on some sites

Unread post by suffix » 2019-01-16, 10:33

in version v28.3.0 - all OK !

Thanks !

Locked