On 10/18/18 4:14 PM, Johnny Hughes wrote:
> On 10/18/2018 12:36 PM, Walter H. wrote:
>> On 18.10.2018 00:08, Johnny Hughes wrote:
>>> The bottom line .. we don't make the decision whether or not to use
>>> systemd or not. We rebuild RHEL source code.
>> will there come a CentOS 6.11 which will be capable of TLS1.3 or HTTP/2?
>> I'm sure there will come a CentOS 8, but when is it probable to be
>> released?
>>
> We have no idea .. we don't design what is in CentOS. If Red Hat adds
> those things to RHEL-6 then we will put them in CentOS .. If they don't
> we won't.

And for example, if RH does not backport openSSL 1.1.1, you will not get
EDDSA certificate support for TLS 1.3. Now you might not care about this
for your servers and just continue to use ECDSA certs. Clients will
increasingly encounter EDDSA certs and it will be interesting to see how
this is handled in older clients. We have had years to spread support for
ECDSA before it started appearing from servers. May not for EDDSA.

Self-touting, I have an Internet Draft out on using openSSL command line
to build an EDDSA pki. I did the work on Fedora29-beta.

I think all the other TLS 1.3 features are in the latest 1.0.n version of
openSSL. Of course that is ALSO a backport issue.

I have been told that if you set up your client to only accept TLS 1.3
connections, the Secure Internet gets really small really fast...

>
>> one of the most important things (for me), as I already noticed there
>> will be quite differences
>> between CentOS 6 and CentOS 7, not only systemd or not, also Apache 2.2
>> and 2.4
>> and many other;
>> the config files won't be the same, will there be a migrate helper or
>> something like this
>> which does the config conversion to get a CentOS 7 or maybe then CentOS 8
>> that does exact the same things the old CentOS 6 did?
>>
> No, there is no automated way to move from CentOS-6 to CentOS-7 .. and
> we have no idea what will be in CentOS-8 until Red Hat releases RHEL-8.
>
> We have no idea what will be in CentOS-6.11 until Red Hat releases
> RHEL-6.11 .. and we have no idea what will be in the release of CentOS-7
> until Red Hat releases RHEL-7.6 .. literally, we take the source code
> they release .. modify it for Trademarks and Logos .. and release it.
> Until it is released, we don't have a clue.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos

On Thu, 18 Oct 2018, Robert Moskowitz wrote:
>
> On 10/18/18 4:14 PM, Johnny Hughes wrote:
>> On 10/18/2018 12:36 PM, Walter H. wrote:
>>> On 18.10.2018 00:08, Johnny Hughes wrote:
>>>> The bottom line .. we don't make the decision whether or not to use
>>>> systemd or not. We rebuild RHEL source code.
>>> will there come a CentOS 6.11 which will be capable of TLS1.3 or HTTP/2?
>>> I'm sure there will come a CentOS 8, but when is it probable to be
>>> released?
>>>
>> We have no idea .. we don't design what is in CentOS. If Red Hat adds
>> those things to RHEL-6 then we will put them in CentOS .. If they don't
>> we won't.
>
> And for example, if RH does not backport openSSL 1.1.1, you will not get
> EDDSA certificate support for TLS 1.3. Now you might not care about this
> for your servers and just continue to use ECDSA certs. Clients will
> increasingly encounter EDDSA certs and it will be interesting to see how this
> is handled in older clients. We have had years to spread support for ECDSA
> before it started appearing from servers. May not for EDDSA.

I am under the impression that TLSv1.3 support appeared in 1.1.1 so I
don't believe that you could do any TLS 1.3 with prior versions.

https://wiki.openssl.org/index.php/TLS1.3

Barry

On 10/18/18 11:06 PM, Barry Brimer wrote:
>
> On Thu, 18 Oct 2018, Robert Moskowitz wrote:
>
>> On 10/18/18 4:14 PM, Johnny Hughes wrote:
>>> On 10/18/2018 12:36 PM, Walter H. wrote:
>>>> On 18.10.2018 00:08, Johnny Hughes wrote:
>>>>> The bottom line .. we don't make the decision whether or not to use
>>>>> systemd or not. We rebuild RHEL source code.
>>>> will there come a CentOS 6.11 which will be capable of TLS1.3 or
>>>> HTTP/2?
>>>> I'm sure there will come a CentOS 8, but when is it probable to be
>>>> released?
>>>>
>>> We have no idea .. we don't design what is in CentOS. If Red Hat adds
>>> those things to RHEL-6 then we will put them in CentOS .. If they don't
>>> we won't.
>>
>> And for example, if RH does not backport openSSL 1.1.1, you will not
>> get EDDSA certificate support for TLS 1.3. Now you might not care
>> about this for your servers and just continue to use ECDSA certs.
>> Clients will increasingly encounter EDDSA certs and it will be
>> interesting to see how this is handled in older clients. We have had
>> years to spread support for ECDSA before it started appearing from
>> servers. May not for EDDSA.
>
> I am under the impression that TLSv1.3 support appeared in 1.1.1 so I
> don't believe that you could do any TLS 1.3 with prior versions.
>
> https://wiki.openssl.org/index.php/TLS1.3

Yeah, I was kind of hedging my comment that maybe something for 1.3 would
be in the earlier version, but yes, all the TLS 1.3 work was focused on
openSSL 1.1.1. I was personally focused on EDDSA support.

So a number of items have to appear in C6 for it to support TLS 1.3. More
slowness in TLS 1.3 availability. Kind of flies in the face of a claim
made against my HIP protocol which 'requires kernel level changes' and
thus too hard to deploy. TLS is an upper layer protocol and changes
easily roll out.

Yeah, right.