The current www/chromium port version is 61.0 (five months old), but ports should be set to upgrade to www/chromium 62.0 shortly.
I took the plunge, ran version 62.0 on another platform, and noticed that the "most preferred" cipher in the newer browser is something called GREASE. I have found so little information about this, but it seems it's a test suite to see how many websites break when presented with an unknown ciphersuite and unknown TLS version, and is part of the upgrade cycle to upcoming TLS 1.3. I imagine that GREASE is entirely a dummy suite, since Chromium 62.0 is still at TLS 1.2, and it couldn't run a TLS 1.3 session. But, are we just ahead of a looming SSL disaster, and this is a forward looking mitigation? I'm not trying to be an alarmist, but would like to hear an expert's opinion about TLS 1.3 and GREASE, what they do now and later, and what to expect in the transition.
Edit: Looks like it's not much to worry about:
https://tools.ietf.org/html/draft-davidben-tls-grease-01
I took the plunge, ran version 62.0 on another platform, and noticed that the "most preferred" cipher in the newer browser is something called GREASE. I have found so little information about this, but it seems it's a test suite to see how many websites break when presented with an unknown ciphersuite and unknown TLS version, and is part of the upgrade cycle to upcoming TLS 1.3. I imagine that GREASE is entirely a dummy suite, since Chromium 62.0 is still at TLS 1.2, and it couldn't run a TLS 1.3 session. But, are we just ahead of a looming SSL disaster, and this is a forward looking mitigation? I'm not trying to be an alarmist, but would like to hear an expert's opinion about TLS 1.3 and GREASE, what they do now and later, and what to expect in the transition.
Edit: Looks like it's not much to worry about:
https://tools.ietf.org/html/draft-davidben-tls-grease-01