From owner-freebsd-security@freebsd.org Sat Jul 21 21:46:43 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9072D102D843 for ; Sat, 21 Jul 2018 21:46:43 +0000 (UTC) (envelope-from wollman@hergotha.csail.mit.edu) Received: from hergotha.csail.mit.edu (tunnel82308-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:ccb::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 325287956F for ; Sat, 21 Jul 2018 21:46:43 +0000 (UTC) (envelope-from wollman@hergotha.csail.mit.edu) Received: from hergotha.csail.mit.edu (localhost [127.0.0.1]) by hergotha.csail.mit.edu (8.15.2/8.15.2) with ESMTP id w6LLkfDe047171; Sat, 21 Jul 2018 17:46:41 -0400 (EDT) (envelope-from wollman@hergotha.csail.mit.edu) Received: (from wollman@localhost) by hergotha.csail.mit.edu (8.15.2/8.14.4/Submit) id w6LLkfn5047170; Sat, 21 Jul 2018 17:46:41 -0400 (EDT) (envelope-from wollman) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <23379.43457.251216.204991@hergotha.csail.mit.edu> Date: Sat, 21 Jul 2018 17:46:41 -0400 From: Garrett Wollman To: Grzegorz Junka Cc: freebsd-security@freebsd.org Subject: Re: Possible break-in attempt? In-Reply-To: <79df6b59-c36a-b417-8fe8-2717d0b333a2@gjunka.com> References: <594ba84b-0691-8471-4bd4-076d0ae3da98@gjunka.com> <368EABCF-A10A-49E9-9473-7753F6BEAA50@patpro.net> <8EDDBDB2-77F5-4CF5-8744-41BEA187C08A@FreeBSD.org> <201807201905.w6KJ59hn079229@donotpassgo.dyslexicfish.net> <2E502F45-E6F6-44D7-AE9E-9B8B08C1CEBE@nuos.org> <0DDFA4FB-4FAB-49F0-99E8-9958DB1D889F@nuos.org> <91123dcd-529a-1c92-16bf-f9060d3f1fa6@gjunka.com> <3dcdf0e7-a17f-7b98-cdea-06cce1875d74@quip.cz> <79df6b59-c36a-b417-8fe8-2717d0b333a2@gjunka.com> X-Mailer: VM 8.2.0b under 25.3.1 (amd64-portbld-freebsd10.3) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (hergotha.csail.mit.edu [127.0.0.1]); Sat, 21 Jul 2018 17:46:41 -0400 (EDT) X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED, HEADER_FROM_DIFFERENT_DOMAINS autolearn=disabled version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hergotha.csail.mit.edu X-Mailman-Approved-At: Sun, 22 Jul 2018 01:50:24 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jul 2018 21:46:43 -0000 < said: > It's from 11.1-RELEASE-p1. I would hope that 11.1p1 is more correct than > 10.4? No, 11.1 predates 10.4. -GAWollman From owner-freebsd-security@freebsd.org Sat Jul 21 21:48:17 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 91F63102D899; Sat, 21 Jul 2018 21:48:17 +0000 (UTC) (envelope-from grarpamp@gmail.com) Received: from mail-it0-x243.google.com (mail-it0-x243.google.com [IPv6:2607:f8b0:4001:c0b::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 29133795A4; Sat, 21 Jul 2018 21:48:17 +0000 (UTC) (envelope-from grarpamp@gmail.com) Received: by mail-it0-x243.google.com with SMTP id w16-v6so19229948ita.0; Sat, 21 Jul 2018 14:48:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=QovzE1ZzVmby/pJ7cV1Ht9wNnegBpQf0hBySDVDJAIE=; b=IdPsMwvWiFyZtsWPepupHOzsJuniDSVcHec3P31walla0aQUhHkwJzf+327jYz4PD/ VMJ68/s5TsKnYeiNiQJ4Nn4RPoI91e7RhuqOG5bnKgwqcuqROTn12/Sjaw+AkLKQT/M7 PnFAi1l7Q2OwZ9CiYhDDpF8eSsMbR3+eak7xaDwnLfx/fmGEhs+2oXKi4RCcam0EARL9 a3g1zLp+lYSJmuF2fDN4lkOOvpBFPq9csjKLmZyNpg45bJud/l1syHPS3dr1leihFd2Y bGkbG7wQWJ3Yqefa/SS+tQCeQzhHOwQPZiVclV+YYPe2QcVjZq0/LMRYFZ8wu+KBZv8o HqEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=QovzE1ZzVmby/pJ7cV1Ht9wNnegBpQf0hBySDVDJAIE=; b=TyamM0aCvI+GRgks54Htww3Bs5+0qXczrEdV+ODn/eVcrS3c+WVUG4oY4/lkyBGJub xII6rmFiKqKJq62kvD5mW1VadvZTrawn0CTPSDj8Oea5oAR9RTedE23S/p8/qGEXqkdP FYum5hXHOVGBiFbbKBOgys3so7pL0d1fUuNlYr2Mj2gZbHsL3E6IP7e6jvzN3QHKs02f +uTd+WFOpfYleZtMRVyvFtTwYCPJN6qgrNkb0Xd4jIBqYHjy8zr1fogI/88vWPEhUqSB 5UeBcs+hdJ0mMUwOcbj1U6y7tGoW+3bFtEB5JkBC7+oVmL09QmMlwfSq8MkImPXWXFDA Orog== X-Gm-Message-State: AOUpUlEiTjBm7T69rnp8FwLJ0nwLaCPqcpHyNSqxv5XQMoLBFmJxvJdK 4OfTr1bx9fDedmLJYbxv3dy6YN40+3OPpiscY8g3YIDEyNwAnA== X-Google-Smtp-Source: AAOMgpdduXFprFUWPtLORDZp6fPQewIA/yL/039Vu3O907ignAzhFgTUMhD28SbPFcOh2pp5hD68j/CJjHYAXEdOk+Y= X-Received: by 2002:a24:1603:: with SMTP id a3-v6mr5887092ita.119.1532209696201; Sat, 21 Jul 2018 14:48:16 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a02:7781:0:0:0:0:0 with HTTP; Sat, 21 Jul 2018 14:47:35 -0700 (PDT) From: grarpamp Date: Sat, 21 Jul 2018 17:47:35 -0400 Message-ID: Subject: Archives of last quarterly package builds? To: freebsd-ports@freebsd.org Cc: freebsd-hubs@freebsd.org, freebsd-security@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Mailman-Approved-At: Sun, 22 Jul 2018 01:50:45 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jul 2018 21:48:17 -0000 Packages are delivered via a single quarterly label here https://pkg.freebsd.org/FreeBSD:11:amd64/quarterly/ which corresponds to the latest quarterly branch label here https://svnweb.freebsd.org/ports/branches/?sortby=date#dirlist However, similar to how the tags here https://svnweb.freebsd.org/ports/tags/?sortby=date#dirlist are archived here https://pkg.freebsd.org/FreeBSD:11:amd64/ as these https://pkg.freebsd.org/FreeBSD:11:amd64/release_[n] The last "ie: final" builds of each quarterly branch before they roll over should also be moved off into their own archived quarterly directories as https://pkg.freebsd.org/FreeBSD:11:amd64/yyyyQ[n] For example /quarterly/ should be repointed from 2018Q2 to 2018Q3, leaving 2018Q2 as a live "pkg" accessible archive. Eventually all such archives could be moved to historical archive server under typical release support expiry periods. This would also serve critical purpose as an independant original remote repository for validating local package / file signatures against compromise, corruption, loss. For example, does the last 2018Q2 (or older ones) still exist anywhere for users to reference and use? From owner-freebsd-security@freebsd.org Thu Jul 26 11:45:25 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6A8D6104C718 for ; Thu, 26 Jul 2018 11:45:25 +0000 (UTC) (envelope-from prakrai@cisco.com) Received: from alln-iport-8.cisco.com (alln-iport-8.cisco.com [173.37.142.95]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (Client CN "iport.cisco.com", Issuer "HydrantID SSL ICA G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E4F818B3BF for ; Thu, 26 Jul 2018 11:45:24 +0000 (UTC) (envelope-from prakrai@cisco.com) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DXAAAns1lb/4cNJK1cGgEBAQEBAgE?= =?us-ascii?q?BAQEIAQEBAYJXd2N/MoN0iAaMO5JEhRaBegsfhGaCWiE0GAECAQECAQECbRw?= =?us-ascii?q?BC4VgCl4BSgIEHRMnBIMzAYEbZLFfgS6KRgWJAheBQT+BOB+KSjGCJAKZewk?= =?us-ascii?q?CGIV8lyKKTYc/AhEUgSQdOIFScBVlAYI/ixSFPo5JgRsBAQ?= X-IronPort-AV: E=Sophos;i="5.51,404,1526342400"; d="scan'208,217";a="148123128" Received: from alln-core-2.cisco.com ([173.36.13.135]) by alln-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Jul 2018 11:45:23 +0000 Received: from XCH-RTP-007.cisco.com (xch-rtp-007.cisco.com [64.101.220.147]) by alln-core-2.cisco.com (8.15.2/8.15.2) with ESMTPS id w6QBjNQB004632 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for ; Thu, 26 Jul 2018 11:45:23 GMT Received: from xch-rtp-010.cisco.com (64.101.220.150) by XCH-RTP-007.cisco.com (64.101.220.147) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 26 Jul 2018 07:45:22 -0400 Received: from xch-rtp-010.cisco.com ([64.101.220.150]) by XCH-RTP-010.cisco.com ([64.101.220.150]) with mapi id 15.00.1320.000; Thu, 26 Jul 2018 07:45:22 -0400 From: "PRAKASH RAI (prakrai)" To: "freebsd-security@freebsd.org" Subject: TLSv1.3 support in freeBSD 11.X Thread-Topic: TLSv1.3 support in freeBSD 11.X Thread-Index: AQHUJNYi1p+i2KDHTkOA8LiUa9l4KA== Date: Thu, 26 Jul 2018 11:45:22 +0000 Message-ID: <2ECA83EC-B156-43DF-AFDD-407BDFF74DAA@contoso.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.65.54.71] MIME-Version: 1.0 X-Outbound-SMTP-Client: 64.101.220.147, xch-rtp-007.cisco.com X-Outbound-Node: alln-core-2.cisco.com X-Mailman-Approved-At: Thu, 26 Jul 2018 13:31:10 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 X-Content-Filtered-By: Mailman/MimeDel 2.1.27 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2018 11:45:25 -0000 SGkgQWxsLA0KDQpJIHdhcyBnb2luZyB0aHJvdWdoIHRoZSBodHRwczovL3dpa2kuZnJlZWJzZC5v cmcvT3BlblNTTCBhbmQgZm91bmQgdGhhdCBvcGVuc3NsIDEuMS4xIHN1cHBvcnQgaXMgcGxhbm5l ZCBmb3IgZnJlZUJTRCAxMi4NCkFzIFRMU3YxLjMgaXMgYmFzZWQgb24gb3BlbnNzbCAxLjEuMSwg ZG9lcyBpdCBtZWFuIHRoYXQgZnJlZUJTRCAxMS5YIHdvdWxkIG5vdCBiZSBoYXZpbmcgc3VwcG9y dCBmb3IgVExTdjEuMz8NCg0KQmFzaWNhbGx5IEkgd291bGQgbGlrZSB0byB1bmRlcnN0YW5kIGlm IEkgY2FuIGJ1aWxkIG9wZW5zc2wgMS4xLjEgKHdoaWNoIGlzIGhhdmluZyBzdXBwb3J0IGZvciBU TFN2MS4zKSB3aXRoIEZyZWVCU0QgMTEuMiB3aXRob3V0IGFueSBpc3N1ZSBhbmQgZW5hYmxlIFRM U3YxLjMgc3VwcG9ydD8NCg0KUmVnYXJkcywNClByYWthc2gNCg0K From owner-freebsd-security@freebsd.org Thu Jul 26 13:57:09 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E6AB0104FF35 for ; Thu, 26 Jul 2018 13:57:08 +0000 (UTC) (envelope-from kaduk@mit.edu) Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6310D9044E for ; Thu, 26 Jul 2018 13:57:08 +0000 (UTC) (envelope-from kaduk@mit.edu) X-AuditID: 12074423-975ff70000002ca9-01-5b59d1fdd2ff Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id EB.99.11433.EF1D95B5; Thu, 26 Jul 2018 09:51:59 -0400 (EDT) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w6QDpuwJ022341; Thu, 26 Jul 2018 09:51:57 -0400 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w6QDprtn015575 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 26 Jul 2018 09:51:55 -0400 Date: Thu, 26 Jul 2018 08:51:53 -0500 From: Benjamin Kaduk To: "PRAKASH RAI (prakrai)" Cc: "freebsd-security@freebsd.org" Subject: Re: TLSv1.3 support in freeBSD 11.X Message-ID: <20180726135152.GK92448@kduck.kaduk.org> References: <2ECA83EC-B156-43DF-AFDD-407BDFF74DAA@contoso.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2ECA83EC-B156-43DF-AFDD-407BDFF74DAA@contoso.com> User-Agent: Mutt/1.9.1 (2017-09-22) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrOIsWRmVeSWpSXmKPExsUixCmqrfv/YmS0wdNXTBY9m56wWWy6/ZzZ gcljyu+NrB4zPs1nCWCK4rJJSc3JLEst0rdL4Mr4v+wUS8FitopVO3YzNTC2s3YxcnJICJhI rP37ga2LkYtDSGAxk8SCw3tYIJyNjBKd3y4wQThXmST235vIAtLCIqAqcWb/EUYQm01ARaKh +zIziC0ioC+xacMWdhCbWcBRYsqUb2D1wgI6Eq+X7gOL8wKt+3JpPthqIQE7ia+7W1kg4oIS J2c+YYHo1ZK48e8l0GIOIFtaYvk/DpAwp4C9xMYXzWCrRAWUJfb2HWKfwCgwC0n3LCTdsxC6 FzAyr2KUTcmt0s1NzMwpTk3WLU5OzMtLLdI108vNLNFLTSndxAgKU3YX5R2ML/u8DzEKcDAq 8fBemBkRLcSaWFZcmXuIUZKDSUmUN219ZLQQX1J+SmVGYnFGfFFpTmrxIUYJDmYlEV79LUA5 3pTEyqrUonyYlDQHi5I47/2a8GghgfTEktTs1NSC1CKYrAwHh5IE750LQI2CRanpqRVpmTkl CGkmDk6Q4TxAw5tBaniLCxJzizPTIfKnGHU5/ryfOolZiCUvPy9VSpxXHZgghARAijJK8+Dm gNKLRPb+mleM4kBvCfNagVTxAFMT3KRXQEuYgJYcjwNbUpKIkJJqYCz4V83X0PJ98W5T8eni dlWXuwq+XJaLmsl9x/HrivabMw4X/HZfwxHp5D1lpcQKld6K5NPnHgeWVZRlF993+O/XVrBU 7oLaurPm/m8Mdj/q4Zxq82mRtMgtC7lENkn/u3ddXPZ42UTt6PD/7PN+VewCb8/5nQFZnel+ n1LlWRb3tHDeX3lokhJLcUaioRZzUXEiANjgC/4KAwAA X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2018 13:57:09 -0000 On Thu, Jul 26, 2018 at 11:45:22AM +0000, PRAKASH RAI (prakrai) via freebsd-security wrote: > Hi All, > > I was going through the https://wiki.freebsd.org/OpenSSL and found that openssl 1.1.1 support is planned for freeBSD 12. > As TLSv1.3 is based on openssl 1.1.1, does it mean that freeBSD 11.X would not be having support for TLSv1.3? > > Basically I would like to understand if I can build openssl 1.1.1 (which is having support for TLSv1.3) with FreeBSD 11.2 without any issue and enable TLSv1.3 support? The tools in the base system of FreeBSD 11.2 will not support TLS 1.3. You can of course build other (i.e., newer) software from the Ports Collection or install from packages, as they become available; in that way it will be possible to use TLS 1.3 from FreeBSD 11.2. -Ben From owner-freebsd-security@freebsd.org Thu Jul 26 15:18:50 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 74F5910524A7 for ; Thu, 26 Jul 2018 15:18:50 +0000 (UTC) (envelope-from prakrai@cisco.com) Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (Client CN "iport.cisco.com", Issuer "HydrantID SSL ICA G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D9AF794360 for ; Thu, 26 Jul 2018 15:18:49 +0000 (UTC) (envelope-from prakrai@cisco.com) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CvAQCO5Vlb/5RdJa1dDgsBAQEBAQE?= =?us-ascii?q?BAQEBAQEHAQEBAQGDTmN/KAqDdIgGjkaDO5ITgXoLH4FYgnUCF4JgITQYAQI?= =?us-ascii?q?BAQIBAQJtHAyFNwEFIxFFEAIBCBgCAiYCAgIdExUQAgQOBYMgAYF/sUmBLoR?= =?us-ascii?q?ehWYFgQuHdxeBQT+BOB+CTId+MYIkApl7CQIYhXyJH44Dik2HPwIRFIEkHTi?= =?us-ascii?q?BUnAVZQGCPosVhQQ6b44DgRsBAQ?= X-IronPort-AV: E=Sophos;i="5.51,405,1526342400"; d="scan'208";a="432510580" Received: from rcdn-core-12.cisco.com ([173.37.93.148]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 26 Jul 2018 15:18:48 +0000 Received: from XCH-RTP-009.cisco.com (xch-rtp-009.cisco.com [64.101.220.149]) by rcdn-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id w6QFImmr014521 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 26 Jul 2018 15:18:48 GMT Received: from xch-rtp-010.cisco.com (64.101.220.150) by XCH-RTP-009.cisco.com (64.101.220.149) with Microsoft SMTP Server (TLS) id 15.0.1320.4; Thu, 26 Jul 2018 11:18:47 -0400 Received: from xch-rtp-010.cisco.com ([64.101.220.150]) by XCH-RTP-010.cisco.com ([64.101.220.150]) with mapi id 15.00.1320.000; Thu, 26 Jul 2018 11:18:47 -0400 From: "PRAKASH RAI (prakrai)" To: Benjamin Kaduk CC: "freebsd-security@freebsd.org" Subject: Re: TLSv1.3 support in freeBSD 11.X Thread-Topic: TLSv1.3 support in freeBSD 11.X Thread-Index: AQHUJNYi1p+i2KDHTkOA8LiUa9l4KKShyP+AgAB0eYA= Date: Thu, 26 Jul 2018 15:18:47 +0000 Message-ID: <9277D562-ABBD-40EC-8A30-0175AB63EAD9@cisco.com> References: <2ECA83EC-B156-43DF-AFDD-407BDFF74DAA@contoso.com> <20180726135152.GK92448@kduck.kaduk.org> In-Reply-To: <20180726135152.GK92448@kduck.kaduk.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.65.54.71] Content-Type: text/plain; charset="utf-8" Content-ID: <4264040093A0A640B2BD8DA9A34612D0@emea.cisco.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-Outbound-SMTP-Client: 64.101.220.149, xch-rtp-009.cisco.com X-Outbound-Node: rcdn-core-12.cisco.com X-Mailman-Approved-At: Thu, 26 Jul 2018 15:23:12 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2018 15:18:50 -0000 VGhhbmtzIEJlbi4gVGhpcyBpbmZvIHdpbGwgaGVscCB1cyB0byBwbGFuIG91ciBUTFN2MS4zIHN1 cHBvcnQgYWN0aXZpdHkuDQoNClJlZ2FyZHMsDQpQcmFrYXNoDQoNCu+7v09uIDI2LzA3LzE4LCA3 OjIyIFBNLCAiQmVuamFtaW4gS2FkdWsiIDxrYWR1a0BtaXQuZWR1PiB3cm90ZToNCg0KICAgIE9u IFRodSwgSnVsIDI2LCAyMDE4IGF0IDExOjQ1OjIyQU0gKzAwMDAsIFBSQUtBU0ggUkFJIChwcmFr cmFpKSB2aWEgZnJlZWJzZC1zZWN1cml0eSB3cm90ZToNCiAgICA+IEhpIEFsbCwNCiAgICA+IA0K ICAgID4gSSB3YXMgZ29pbmcgdGhyb3VnaCB0aGUgaHR0cHM6Ly93aWtpLmZyZWVic2Qub3JnL09w ZW5TU0wgYW5kIGZvdW5kIHRoYXQgb3BlbnNzbCAxLjEuMSBzdXBwb3J0IGlzIHBsYW5uZWQgZm9y IGZyZWVCU0QgMTIuDQogICAgPiBBcyBUTFN2MS4zIGlzIGJhc2VkIG9uIG9wZW5zc2wgMS4xLjEs IGRvZXMgaXQgbWVhbiB0aGF0IGZyZWVCU0QgMTEuWCB3b3VsZCBub3QgYmUgaGF2aW5nIHN1cHBv cnQgZm9yIFRMU3YxLjM/DQogICAgPiANCiAgICA+IEJhc2ljYWxseSBJIHdvdWxkIGxpa2UgdG8g dW5kZXJzdGFuZCBpZiBJIGNhbiBidWlsZCBvcGVuc3NsIDEuMS4xICh3aGljaCBpcyBoYXZpbmcg c3VwcG9ydCBmb3IgVExTdjEuMykgd2l0aCBGcmVlQlNEIDExLjIgd2l0aG91dCBhbnkgaXNzdWUg YW5kIGVuYWJsZSBUTFN2MS4zIHN1cHBvcnQ/DQogICAgDQogICAgVGhlIHRvb2xzIGluIHRoZSBi YXNlIHN5c3RlbSBvZiBGcmVlQlNEIDExLjIgd2lsbCBub3Qgc3VwcG9ydCBUTFMgMS4zLiAgWW91 DQogICAgY2FuIG9mIGNvdXJzZSBidWlsZCBvdGhlciAoaS5lLiwgbmV3ZXIpIHNvZnR3YXJlIGZy b20gdGhlIFBvcnRzIENvbGxlY3Rpb24NCiAgICBvciBpbnN0YWxsIGZyb20gcGFja2FnZXMsIGFz IHRoZXkgYmVjb21lIGF2YWlsYWJsZTsgaW4gdGhhdCB3YXkgaXQgd2lsbCBiZQ0KICAgIHBvc3Np YmxlIHRvIHVzZSBUTFMgMS4zIGZyb20gRnJlZUJTRCAxMS4yLg0KICAgIA0KICAgIC1CZW4NCiAg ICANCg0K