From owner-freebsd-ports@freebsd.org Wed Sep 12 15:47:07 2018 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3B3911096CCC for ; Wed, 12 Sep 2018 15:47:07 +0000 (UTC) (envelope-from danm@prime.gushi.org) Received: from prime.gushi.org (prime.gushi.org [IPv6:2001:4f8:3:3d::42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "prime.gushi.org", Issuer "RapidSSL RSA CA 2018" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BB802882F4; Wed, 12 Sep 2018 15:47:06 +0000 (UTC) (envelope-from danm@prime.gushi.org) Received: from prime.gushi.org (danm@localhost [127.0.0.1]) by prime.gushi.org (8.15.2/8.15.2) with ESMTPS id w8CFl3q4096825 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Wed, 12 Sep 2018 08:47:04 -0700 (PDT) (envelope-from danm@prime.gushi.org) DKIM-Filter: OpenDKIM Filter v2.10.3 prime.gushi.org w8CFl3q4096825 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gushi.org; s=prime2014; t=1536767224; bh=MyaG5BVcBpFsDPhSxS8f8iGNCO5ilAuP7LixhFkB214=; h=Date:From:To:cc:Subject:In-Reply-To:References; z=Date:=20Wed,=2012=20Sep=202018=2008:47:03=20-0700=20(PDT)|From:=2 0"Dan=20Mahoney=20(Gushi)"=20|To:=20Koichiro=20 Iwao=20|cc:=20freebsd-ports@FreeBSD.org|Subject: =20Re:=20security/openssl111=20TLSv1.3=20port=20options|In-Reply-T o:=20<93eccde19ce7eed070f13638cc8cc9ca@freebsd.org>|References:=20 <93eccde19ce7eed070f13638cc8cc9ca@freebsd.org>; b=Z4XX3RRypdlhgFZaIR2osEfhKdVu5jxiOKMG7k9biIJU6a7AcPN8CocdbHjP3y47s m+D3+tRTgbTrJv21xEn9ph9O8ss/JG+2iYiVaxR4u/k9YXsfgGFtvEiST9keze47k/ KpkSrZ5Y0KN/WU3j7MbAY8IAP68tKI2kXGho1qRTuX7/hMugReaeYr55ub/lI8sz6y F7JL2vnKzamFYfTZpr7dlTZyGe9syXXO5bvNdTXTtJjPrM+RG6/ju/Wcj1o3p9gq/E uyjNQkPG94Zoa5P3fH1faEY019Q0aEna/fZ8Qa7Yw1zsEaYSjuTHn9PENFJ7XNwOvw 9UwcEbm2Y7rzQ== Received: (from danm@localhost) by prime.gushi.org (8.15.2/8.15.2/Submit) id w8CFl3LS096823; Wed, 12 Sep 2018 08:47:03 -0700 (PDT) (envelope-from danm) Date: Wed, 12 Sep 2018 08:47:03 -0700 (PDT) From: "Dan Mahoney (Gushi)" X-X-Sender: danm@prime.gushi.org To: Koichiro Iwao cc: freebsd-ports@FreeBSD.org Subject: Re: security/openssl111 TLSv1.3 port options In-Reply-To: <93eccde19ce7eed070f13638cc8cc9ca@freebsd.org> Message-ID: References: <93eccde19ce7eed070f13638cc8cc9ca@freebsd.org> User-Agent: Alpine 2.20 (BSF 67 2015-01-07) X-OpenPGP-Key-ID: 0x624BB249 MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Sep 2018 15:47:07 -0000 On Wed, 12 Sep 2018, Koichiro Iwao wrote: > Hi, > > OpenSSL 1.1.1 has been added to ports tree. AFAIK OpenSSL 1.1.1 supports > TLSv1.3 > but no port options for TLSv1.3. There're only TLS1, TLS1_1, TLS1_2. > > I assume TLSv1.3 will be enabled by default unless disabled explicitly so > security/openssl111 will always be built with TLSv1.3 enabled, am I correct? > And why not add port options to enable/disable TLSv1.3 as well as older TLS > versions? Moreover -- is OpenSSL 1.1.1 going to be the default in FreeBSD 12? Probably not as it's already in the RE phase. If that's the case, people who want tls13 are going to be building ports/packages against the non-base version until at least FreeBSD 13. At least tls13 and freebsd13 would coincide nicely, linguistally speaking. -Dan -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC FB: fb.com/DanielMahoneyIV LI: linkedin.com/in/gushi Site: http://www.gushi.org ---------------------------