Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server Side TLS 5.0 #255

Merged
merged 8 commits into from
Jun 28, 2019
Merged

Server Side TLS 5.0 #255

merged 8 commits into from
Jun 28, 2019

Conversation

april
Copy link
Contributor

@april april commented Jun 25, 2019

Fixes #217, #211, #191, and #178.

@april april mentioned this pull request Jun 26, 2019
Closed
@april april mentioned this pull request Jun 26, 2019
Closed
nmxcgeo
nmxcgeo reviewed Jun 28, 2019
View reviewed changes
Server_Side_TLS.mediawiki Outdated
The ordering of a ciphersuite is very important because it decides which algorithms are going to be selected in priority. Each level shows the list of algorithms returned by its ciphersuite. If you have to pick ciphers manually for your application, make sure you keep the ordering.

The ciphersuite numbers listed come from the IANA [https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 TLS Cipher Suite Registry]. Previous versions of these recommendations included draft numbers for ECDHE-ECDSA-CHACHA20-POLY1305 (0xCC,0x14) and ECDHE-RSA-CHACHA20-POLY1305 (0xCC,0x13).
<p style="max-width: 60em;">OpenSSL will ignore cipher suites it doesn't understand, so always use the full set of cipher suites below, in their recommended order. The use of the <span style="color: gray; font-weight: bold;">Old</span> configuration with modern versions of OpenSSL may require custom builds with support for SSLv3 and deprecated ciphers.</p>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you mention enabling SSLv3 via custom builds, when SSLv2 and SSLv3 will be abandoned by this guide after this PR is merged? However a custom OpenSSL build for TLSv1.0 and TLSv1.1 might be necessary (e.g. for upcoming Debian 10).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because you have to enable SSLv3 in the build to get access to 3DES. :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That said, I can see how that would be confusing, so I'll trim it up a little bit.

@april april merged commit 12fda41 into mozilla:gh-pages Jun 28, 2019
@april
Copy link
Contributor Author

april commented Jun 28, 2019

Thanks for everyone's hard work on this. It's been a long journey, but we finally got there. :)

april added a commit to april/server-side-tls that referenced this pull request Jul 1, 2019
@april
Merge branch 'gh-pages' of https://github.com/mozilla/server-side-tls
a0a3c7f 
…into gh-pages

* 'gh-pages' of https://github.com/mozilla/server-side-tls:
  Server Side TLS 5.0 (mozilla#255)
@jsvd jsvd mentioned this pull request Jan 30, 2020
Closed
@gene1wood gene1wood mentioned this pull request May 5, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nmxcgeo nmxcgeo nmxcgeo left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

It is time to add support for TLS 1.3
2 participants
@april @nmxcgeo