I went to a site new to me a couple of days ago and, to my surprise, TLS 1.3 was shown as being used. It's the first site I have been to where I have seen TLS 1.3 used. SSLabs says its uses TLS 1.3 draft 28 version. https://www.caregiver.org/pilotIntegrat ... e_tid%3D70
So, I curiously went to that site on all my other browsers and NONE used TLS 1.3. Then I tested Basilisk (and the other browsers) at:
https://tls13.crypto.mozilla.org/
NO browser (including Basilisk) worked at Mozilla's test site. I've read that it uses draft 28. So, I am curious which draft version Basilisk uses. But since SSLabs says the site (caregiver.org) I went to on Basilisk uses draft 28, seems to me Basilisk should successfully complete the Mozilla test but it doesn't.
Whatever, I am really pleased to see Basilisk supporting TLS 1.3!
TLS 1.3 which draft version is supported?
Moderator: Basilisk-Dev
TLS 1.3 which draft version is supported?
You do not have the required permissions to view the files attached to this post.
-
- Board Warrior
- Posts: 1322
- Joined: 2014-02-02, 22:15
- Location: Chicagoland
Re: TLS 1.3 which draft version is supported?
Draft 23 is my guess. Looks like the latest NSS included in UXP is 3.36.4, and the last TLS 1.3 draft I see mentioned in the NSS release notes is draft 23 supported as of NSS 3.35. (Moonchild, please correct me if I'm wrong.)
Considering this only became an official standard a few days ago, I'm sure we'll have full formal support of it in both Basilisk and Pale Moon in the not-too-distant future.
Considering this only became an official standard a few days ago, I'm sure we'll have full formal support of it in both Basilisk and Pale Moon in the not-too-distant future.
Nichi nichi kore ko jitsu = Every day is a good day.
-
- Pale Moon guru
- Posts: 35648
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Re: TLS 1.3 which draft version is supported?
We support whichever version NSS 3.36 supports, which is draft 23. We do use a fallback to TLS 1.2 if a connection can't be made, as normal.
According to the documentation, NSS 3.37 is bumped to draft 28, so when we upgrade our NSS library in UXP, that draft will become available. Of note, draft 23/24 was -supposed- to be the final draft; it was already in the voting stage. Alternatively, we may jump to the RFC version. It doesn't look like there are many code changes (none beyond draft 26 anyway that I can see) so it's a matter of agreeing on what protocol version number to use, not necessarily a technical limitation.
According to the documentation, NSS 3.37 is bumped to draft 28, so when we upgrade our NSS library in UXP, that draft will become available. Of note, draft 23/24 was -supposed- to be the final draft; it was already in the voting stage. Alternatively, we may jump to the RFC version. It doesn't look like there are many code changes (none beyond draft 26 anyway that I can see) so it's a matter of agreeing on what protocol version number to use, not necessarily a technical limitation.
Last edited by Moonchild on 2018-08-14, 04:39, edited 3 times in total.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: TLS 1.3 which draft version is supported?
Thanks to both of you for the excellent explanations.