From owner-freebsd-security@freebsd.org Thu Jul 26 13:57:09 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E6AB0104FF35 for ; Thu, 26 Jul 2018 13:57:08 +0000 (UTC) (envelope-from kaduk@mit.edu) Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6310D9044E for ; Thu, 26 Jul 2018 13:57:08 +0000 (UTC) (envelope-from kaduk@mit.edu) X-AuditID: 12074423-975ff70000002ca9-01-5b59d1fdd2ff Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id EB.99.11433.EF1D95B5; Thu, 26 Jul 2018 09:51:59 -0400 (EDT) Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w6QDpuwJ022341; Thu, 26 Jul 2018 09:51:57 -0400 Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w6QDprtn015575 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 26 Jul 2018 09:51:55 -0400 Date: Thu, 26 Jul 2018 08:51:53 -0500 From: Benjamin Kaduk To: "PRAKASH RAI (prakrai)" Cc: "freebsd-security@freebsd.org" Subject: Re: TLSv1.3 support in freeBSD 11.X Message-ID: <20180726135152.GK92448@kduck.kaduk.org> References: <2ECA83EC-B156-43DF-AFDD-407BDFF74DAA@contoso.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2ECA83EC-B156-43DF-AFDD-407BDFF74DAA@contoso.com> User-Agent: Mutt/1.9.1 (2017-09-22) X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrOIsWRmVeSWpSXmKPExsUixCmqrfv/YmS0wdNXTBY9m56wWWy6/ZzZ gcljyu+NrB4zPs1nCWCK4rJJSc3JLEst0rdL4Mr4v+wUS8FitopVO3YzNTC2s3YxcnJICJhI rP37ga2LkYtDSGAxk8SCw3tYIJyNjBKd3y4wQThXmST235vIAtLCIqAqcWb/EUYQm01ARaKh +zIziC0ioC+xacMWdhCbWcBRYsqUb2D1wgI6Eq+X7gOL8wKt+3JpPthqIQE7ia+7W1kg4oIS J2c+YYHo1ZK48e8l0GIOIFtaYvk/DpAwp4C9xMYXzWCrRAWUJfb2HWKfwCgwC0n3LCTdsxC6 FzAyr2KUTcmt0s1NzMwpTk3WLU5OzMtLLdI108vNLNFLTSndxAgKU3YX5R2ML/u8DzEKcDAq 8fBemBkRLcSaWFZcmXuIUZKDSUmUN219ZLQQX1J+SmVGYnFGfFFpTmrxIUYJDmYlEV79LUA5 3pTEyqrUonyYlDQHi5I47/2a8GghgfTEktTs1NSC1CKYrAwHh5IE750LQI2CRanpqRVpmTkl CGkmDk6Q4TxAw5tBaniLCxJzizPTIfKnGHU5/ryfOolZiCUvPy9VSpxXHZgghARAijJK8+Dm gNKLRPb+mleM4kBvCfNagVTxAFMT3KRXQEuYgJYcjwNbUpKIkJJqYCz4V83X0PJ98W5T8eni dlWXuwq+XJaLmsl9x/HrivabMw4X/HZfwxHp5D1lpcQKld6K5NPnHgeWVZRlF993+O/XVrBU 7oLaurPm/m8Mdj/q4Zxq82mRtMgtC7lENkn/u3ddXPZ42UTt6PD/7PN+VewCb8/5nQFZnel+ n1LlWRb3tHDeX3lokhJLcUaioRZzUXEiANjgC/4KAwAA X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2018 13:57:09 -0000 On Thu, Jul 26, 2018 at 11:45:22AM +0000, PRAKASH RAI (prakrai) via freebsd-security wrote: > Hi All, > > I was going through the https://wiki.freebsd.org/OpenSSL and found that openssl 1.1.1 support is planned for freeBSD 12. > As TLSv1.3 is based on openssl 1.1.1, does it mean that freeBSD 11.X would not be having support for TLSv1.3? > > Basically I would like to understand if I can build openssl 1.1.1 (which is having support for TLSv1.3) with FreeBSD 11.2 without any issue and enable TLSv1.3 support? The tools in the base system of FreeBSD 11.2 will not support TLS 1.3. You can of course build other (i.e., newer) software from the Ports Collection or install from packages, as they become available; in that way it will be possible to use TLS 1.3 from FreeBSD 11.2. -Ben