FreeBSD 11 TLS 1.3

Hello.
When will TLS 1.3 appear on FreeBSD 11?
Code:
OpenSSL 1.0.2o-freebsd  27 Mar 2018
Code:
FreeBSD 11.2-RELEASE-p10 amd64
For the time being, I cannot switch to FreeBSD 12.0.
 
It's not going to be included in 11.3. TLS 1.3 was added to OpenSSL 1.1.1. FreeBSD 11.3 will have OpenSSL 1.0.2s.

If you need OpenSSL 1.1.1 you can set DEFAULT_VERSIONS+= ssl=openssl111 and build everything from ports. Note that this will only work for ports; it does nothing to change the OpenSSL from the base (or change any of the base SSL dependencies).
 
This is bad news.
 
Being devil's advocate as always, what's the requirement for 1.3? Even governments still accept 1.2 as a baseline. Seems strange to be in a situation where you can't upgrade to 12 (which isn't exactly a major change from 11), but need the bleeding edge of TLS support.
 
I use a jail; if it is updated to FreeBSD 12.0, the jail will not start.
I already tried to transfer the jail from FreeBSD 11.2 to 12.0, and the jail does not start.
 
Set in /etc/make.conf:
Code:
DEFAULT_VERSIONS+= ssl=openssl111
Then (re)build everything from ports.
 
Code:
# pkg version | grep "openssl1"
openssl111-1.1.1c
Code:
OpenSSL> version
OpenSSL 1.0.2o-freebsd  27 Mar 2018
After installing openssl111, I rebuilt all ports dependent on openssl111.
In nginx, I specified TLS 1.3.
Google Chrome recognizes TLS 1.2 but does not see TLS 1.3.
 
Note the difference between /usr/bin/openssl (from the base OS) and /usr/local/bin/openssl (from ports/packages).
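
To see the base/ports split described above on a live host, the following script (an added example, not part of any post in this thread) compares the two `openssl` binaries and reports which libssl a given binary resolves to. The function names are hypothetical, and the nginx path in the usage comment is an assumption about where the port installs it.

```sh
#!/bin/sh
# Added example: find out which OpenSSL a daemon really uses when both the
# base copy and the ports copy are installed.

# tls13_capable "<output of 'openssl version'>"
# Returns 0 for OpenSSL 1.1.1 or newer (TLS 1.3 was added in 1.1.1),
# 1 for older releases, 2 if the string is not an "OpenSSL x.y.z" banner.
tls13_capable() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -eq 1 ] && [ "$patch" -ge 1 ] && return 0
    return 1
}

# ssl_origin: reads 'ldd <binary>' output on stdin and prints where libssl
# resolves: "ports" (/usr/local), "base" (/usr/lib, /lib), "other" or "none".
ssl_origin() {
    path=$(sed -n 's/^[[:space:]]*libssl\.so[^ ]* => \([^ ]*\).*/\1/p' | head -n 1)
    case "$path" in
        '')                echo none ;;
        /usr/local/*)      echo ports ;;
        /usr/lib/*|/lib/*) echo base ;;
        *)                 echo other ;;
    esac
}

# report <binary>: print both openssl banners and the libssl origin of <binary>.
report() {
    for bin in /usr/bin/openssl /usr/local/bin/openssl; do
        [ -x "$bin" ] || { echo "$bin: not installed"; continue; }
        banner=$("$bin" version)
        if tls13_capable "$banner"; then state="TLS 1.3 capable"
        else state="no TLS 1.3"; fi
        echo "$bin: $banner ($state)"
    done
    echo "$1 links libssl from: $(ldd "$1" 2>/dev/null | ssl_origin)"
}

# Usage (path is an assumption): sh check_ssl.sh /usr/local/sbin/nginx
[ "$#" -eq 0 ] || report "$1"
```

A result of "base" for the web server means it was not rebuilt against the ports OpenSSL, so it cannot offer TLS 1.3 regardless of its configuration.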
 
After installing openssl111, I rebuilt all ports dependent on openssl111.
portupgrade -frR security/openssl111
 