Is freeBSD 11.X going to have support for TLSv1.3

prakrai

New Member


Messages: 1

Hi,
I was going through the https://wiki.freebsd.org/OpenSSL and found that openssl 1.1.1 support is planned for freeBSD 12. As TLSv1.3 is based on openssl 1.1.1, does it mean that freeBSD 11.X would not be having support for TLSv1.3?

If not, then what is the plan to have support for TLSv1.3 in freeBSD11.X?
 

obsigna

Aspiring Daemon

Reaction score: 571
Messages: 965

OpenSSL v1.1.1 is not released yet, we can download the prerelease #8. According to https://wiki.openssl.org/index.php/TLS1.3#Current_status_of_the_TLSv1.3_standard, TLSv1.3 is still in draft. The mentioned header file tls1.h of the latest (June, 20th) prerelease tells us on lines 30 to 39, that it supports up to draft 28.

In respect to FreeBSD, the base OpenSSL version won't change with minor releases. However, it is possible to install OpenSSL from the ports in order to get hands on more recent features. In the moment security/openssl-devel would install OpenSSL v1.1.0 (release). Once the final version of OpenSSL v1.1.1 becomes released, most probably said port (or another one) will point to that one, and we may have TLSv1.3 also in all supported versions of FreeBSD.

Note also, that it is still not sure, whether FreeBSD 12 comes with OpenSSL v1.1.1. In order to this to happen, v1.1.1 must have been finally released, and for this, TLSv1.3 must have left the draft status before.
 
Top