TLS 1.3 which draft version is supported?


Smokey20


Unread post by Smokey20 » 2018-08-14, 01:06

I went to a site new to me a couple of days ago and, to my surprise, TLS 1.3 was shown as being used. It's the first site I have been to where I have seen TLS 1.3 used. SSLabs says it uses TLS 1.3 draft 28 version. https://www.caregiver.org/pilotIntegrat ... e_tid%3D70
So, I curiously went to that site on all my other browsers and NONE used TLS 1.3. Then I tested Basilisk (and the other browsers) at:
https://tls13.crypto.mozilla.org/

NO browser (including Basilisk) worked at Mozilla's test site. I've read that it uses draft 28. So, I am curious which draft version Basilisk uses. But since SSLabs says the site (caregiver.org) I went to on Basilisk uses draft 28, seems to me Basilisk should successfully complete the Mozilla test but it doesn't.
Whatever, I am really pleased to see Basilisk supporting TLS 1.3! :)

Nigaikaze
Board Warrior
Posts: 1322
Joined: 2014-02-02, 22:15
Location: Chicagoland

Re: TLS 1.3 which draft version is supported?

Unread post by Nigaikaze » 2018-08-14, 01:37

Draft 23 is my guess. Looks like the latest NSS included in UXP is 3.36.4, and the last TLS 1.3 draft I see mentioned in the NSS release notes is draft 23 supported as of NSS 3.35. (Moonchild, please correct me if I'm wrong.)

Considering this only became an official standard a few days ago, I'm sure we'll have full formal support of it in both Basilisk and Pale Moon in the not-too-distant future.
Nichi nichi kore ko jitsu = Every day is a good day.

Moonchild
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: TLS 1.3 which draft version is supported?

Unread post by Moonchild » 2018-08-14, 04:07

We support whichever version NSS 3.36 supports, which is draft 23. We do use a fallback to TLS 1.2 if a connection can't be made, as normal.

According to the documentation, NSS 3.37 is bumped to draft 28, so when we upgrade our NSS library in UXP, that draft will become available. Of note, draft 23/24 was -supposed- to be the final draft; it was already in the voting stage. Alternatively, we may jump to the RFC version. It doesn't look like there are many code changes (none beyond draft 26 anyway that I can see) so it's a matter of agreeing on what protocol version number to use, not necessarily a technical limitation.
Last edited by Moonchild on 2018-08-14, 04:39, edited 3 times in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Smokey20

Re: TLS 1.3 which draft version is supported?

Unread post by Smokey20 » 2018-08-14, 04:31

Thanks to both of you for the excellent explanations. :thumbup:
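
The draft mismatch discussed in this thread, as an added example that is not part of any post and is not NSS or UXP code: TLS 1.3 drafts were identified on the wire as `0x7f00 | draft number` in the ClientHello `supported_versions` extension, so a draft 23 client and a draft 28 server share no TLS 1.3 code point. The function names and the sample version lists are constructed for illustration, and the sketch assumes the server picks the first version in its own preference order that the client offered.

```python
import struct

TLS12, TLS13_RFC = 0x0303, 0x0304

def draft(n):
    """Wire code the TLS 1.3 drafts used for draft n: 0x7f00 | n."""
    return 0x7F00 | n

def name(code):
    """Human-readable label for a 2-byte protocol version code."""
    if code >> 8 == 0x7F:
        return f"TLS 1.3 draft {code & 0xFF}"
    return {TLS12: "TLS 1.2", TLS13_RFC: "TLS 1.3 (RFC 8446)"}.get(code, hex(code))

def encode_supported_versions(versions):
    """ClientHello extension body: 1-byte length, then 2-byte version codes."""
    body = b"".join(struct.pack("!H", v) for v in versions)
    return bytes([len(body)]) + body

def parse_supported_versions(data):
    """Decode the extension body, rejecting bad or odd length prefixes."""
    if not data or data[0] == 0 or data[0] % 2 or data[0] != len(data) - 1:
        raise ValueError("malformed supported_versions")
    return [struct.unpack_from("!H", data, i)[0] for i in range(1, len(data), 2)]

def negotiate(client_ext, server_versions):
    """First server-preferred version the client also offered, else None."""
    offered = parse_supported_versions(client_ext)
    for v in server_versions:
        if v in offered:
            return v
    return None

# Constructed client offer: draft 23 (as in NSS 3.36 per the thread) plus TLS 1.2.
CLIENT = encode_supported_versions([draft(23), TLS12])

if __name__ == "__main__":
    servers = {
        "draft 28 + TLS 1.2": [draft(28), TLS12],
        "drafts 28 and 23 + TLS 1.2": [draft(28), draft(23), TLS12],
        "draft 28 only": [draft(28)],
    }
    for label, versions in servers.items():
        picked = negotiate(CLIENT, versions)
        print(f"{label}: {name(picked) if picked else 'handshake fails'}")
```

A server that still accepts several drafts can match an older client, while one that offers a single newer draft and nothing else leaves no common version at all.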
