On 26/07/2018 9:45 PM, PRAKASH RAI (prakrai) via freebsd-security
wrote:> Hi All,
>
> I was going through the https://wiki.freebsd.org/OpenSSL and found that
openssl 1.1.1 support is planned for freeBSD 12.
> As TLSv1.3 is based on openssl 1.1.1, does it mean that freeBSD 11.X would
not be having support for TLSv1.3?
>
> Basically I would like to understand if I can build openssl 1.1.1 (which is
having support for TLSv1.3) with FreeBSD 11.2 without any issue and enable
TLSv1.3 support?
>
> Regards,
> Prakash
>
Prakash,
You're very ambitious ;)? TLSv1.3 is very different from 1.2 and
others.? Additional ciphers are "nice", but the session controls are
quite different and will take a while for applications to settle into.?
Quite a few applications are not yet at openssl 1.1.0, so surprise
yourself and try something like:
for interests in security www; do find /usr/ports/$interests/ -name
Makefile|xargs grep openssl-devel|grep BROKEN; done
And you should also note that the ports are only built on lowest
supported FreeBSD (#1), and on the 11 stream, that seems to be FreeBSD
11.1Release; so we should really work in unison to migrate to openssl
1.1.1 :)? Drawn your own conclusions about what ports have been tested
on 11.2Release
FYI perhaps consider libressl which has some additional/useful ciphers,
might be worth a look if the ciphers are your driver.?
Ref:
#1 Poke around here:? http://beefy9.nyi.freebsd.org/data/latest-per-pkg/
Cheers.