
Chromium update

ronaldlees

Aspiring Daemon

Thanks: 187
Messages: 551

#1
The current www/chromium port version is 61.0 (five months old), but ports should be set to upgrade to www/chromium 62.0 shortly.

I took the plunge, ran version 62.0 on another platform, and noticed that the "most preferred" cipher in the newer browser is something called GREASE. I have found so little information about this, but it seems it's a test suite to see how many websites break when presented with an unknown cipher suite and unknown TLS version, and is part of the upgrade cycle to the upcoming TLS 1.3. I imagine that GREASE is entirely a dummy suite, since Chromium 62.0 is still at TLS 1.2, and it couldn't run a TLS 1.3 session. But are we just ahead of a looming SSL disaster, and is this a forward-looking mitigation? I'm not trying to be an alarmist, but would like to hear an expert's opinion about TLS 1.3 and GREASE, what they do now and later, and what to expect in the transition.

Edit: Looks like it's not much to worry about:

https://tools.ietf.org/html/draft-davidben-tls-grease-01
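
An added example, not part of the original thread: a sketch of how a tolerant server treats the cipher suite list when a GREASE value sits in the most-preferred slot, as described in the post above. The GREASE code points (0x0A0A, 0x1A1A, ... 0xFAFA) are the ones the linked draft reserves; the sample ClientHello field and the server's supported set are constructed for illustration.

```python
import struct

# Names for a few registered TLS 1.2 cipher suite code points (IANA registry).
KNOWN_SUITES = {
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
}

def is_grease(value):
    """GREASE reserves 0x0A0A, 0x1A1A, ... 0xFAFA: both bytes equal, low nibble 0xA."""
    hi, lo = value >> 8, value & 0xFF
    return hi == lo and (lo & 0x0F) == 0x0A

def parse_cipher_suites(vector):
    """Parse the cipher_suites field: 2-byte length, then 2-byte code points."""
    if len(vector) < 2:
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from("!H", vector, 0)
    body = vector[2:]
    if length != len(body) or length % 2 or length == 0:
        raise ValueError("malformed cipher_suites vector")
    return [v for (v,) in struct.iter_unpack("!H", body)]

def select_suite(offered, server_supported):
    """Tolerant negotiation: skip anything unrecognised (GREASE included)
    and pick the client's first suite that the server also supports."""
    for value in offered:
        if value in server_supported:
            return value
    return None  # no overlap: the server would answer with handshake_failure

def describe(offered):
    """Label each offered code point as GREASE, a known suite, or unknown."""
    return ["GREASE" if is_grease(v) else KNOWN_SUITES.get(v, "unknown") for v in offered]

# Constructed sample: a GREASE value in the most-preferred slot, then real suites.
SAMPLE = struct.pack("!H5H", 10, 0x3A3A, 0xC02B, 0xC02F, 0xCCA8, 0x009C)

if __name__ == "__main__":
    offered = parse_cipher_suites(SAMPLE)
    for value, name in zip(offered, describe(offered)):
        print(f"0x{value:04X}  {name}")
    chosen = select_suite(offered, {0xC02F, 0x009C})  # hypothetical server set
    print("selected:", KNOWN_SUITES[chosen])
```

A server that rejects the handshake on seeing the first, unrecognised value instead of skipping it is the breakage GREASE is meant to surface.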
 

drhowarddrfine

Daemon

Thanks: 639
Messages: 2,389

#3
Upcoming TLS 1.3? Chrome has been running 1.3 since version 56 and Firefox since 52. We've made available TLS 1.3 on our servers for a few months. GREASE is not a cipher suite but I have not read anything about it.
 

ronaldlees

#4
> Upcoming TLS 1.3? Chrome has been running 1.3 since version 56 and Firefox since 52. We've made available TLS 1.3 on our servers for a few months. GREASE is not a cipher suite but I have not read anything about it.

I notice you wrote "Chrome" versus Chromium. Using the following link, my Chromium-62.0/Raspbian browser shows only up through TLS 1.2. Perhaps it's in the build but not enabled by default ...

https://www.ssllabs.com/ssltest/viewMyClient.html
 

drhowarddrfine

#5
Yes, Chrome. I wanted to state that TLS v1.3 can be used today and it's not something "coming up" unless you meant coming up in Chromium.