~int80h/gemserv#5: No TLS 1.3 ?

On my ArchLinux box, with Rust package openssl v0.10.32 and the version 1.1.1.i-2 of the OpenSSL library, and gemserv from git HEAD, I cannot connect with TLS 1.3, only 1.2.

% openssl s_client -connect gemini.bortzmeyer.org:1965
...
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384

While MollyBrown can do it:

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Status: RESOLVED FIXED
Submitter: ~bortzmeyer
Assigned to: No-one
Submitted: 1 year, 5 months ago
Updated: 8 months ago
Labels: No labels applied.

~int80h 1 year, 4 months ago

Thank you for letting me know. I'll have to look into how to fix it. On my OpenBSD laptop it can use v1.3 already and won't let me set it to v1.3 only. However, on Ubuntu 20.10 it lets me set it to v1.3 only but doesn't actually work.

~bortzmeyer 1 year, 4 months ago

On Sun, Apr 11, 2021 at 02:43:23AM -0000, ~int80h outgoing@sr.ht wrote a message of 30 lines which said:

> Thank you for letting me know. I'll have to look into how to fix it. On my OpenBSD laptop it can use v1.3 already and won't let me set it to v1.3 only. However, on Ubuntu 20.10 it lets me set it to v1.3 only but doesn't actually work.

Besides the fact that TLS 1.3 is better, this is especially important for client certificates https://gitlab.com/gemini-specification/protocol/-/issues/12.

~int80h 8 months ago

Interestingly, if compiled with LibreSSL on any OS it works. Seems to be something to do with OpenSSL or the Rust bindings to OpenSSL.

~int80h REPORTED FIXED 8 months ago
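
The `openssl s_client` check used in the report can be scripted so a deployment is re-tested after each rebuild. This is an added example, not part of the original thread or of gemserv; the function names `negotiated_version`, `is_tls13` and `probe` are hypothetical, and the sample lines are the two summary lines quoted in the report plus a constructed failed-handshake line.

```shell
#!/bin/sh
# Added example: classify the handshake summary printed by `openssl s_client`.

# Print the protocol named on the "New, <proto>, Cipher is <cipher>" line
# read from stdin. Stops at the first such line.
negotiated_version() {
    sed -n '/^New, /{s/^New, \([^,]*\), Cipher is .*/\1/p;q;}'
}

# Exit status: 0 = TLS 1.3 negotiated, 1 = an older protocol was negotiated,
# 2 = no completed handshake (no summary line, or s_client printed "(NONE)").
is_tls13() {
    v=$(negotiated_version)
    case "$v" in
        TLSv1.3)      return 0 ;;
        ''|'(NONE)')  return 2 ;;
        *)            return 1 ;;
    esac
}

# Live check: needs network access and the openssl CLI.
# Usage: probe HOST [PORT]   (port defaults to 1965, as in the report)
probe() {
    openssl s_client -connect "$1:${2:-1965}" -servername "$1" \
        </dev/null 2>/dev/null | is_tls13
}

# Offline demonstration on sample summary lines.
for line in \
    'New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384' \
    'New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384' \
    'New, (NONE), Cipher is (NONE)'
do
    rc=0
    printf '%s\n' "$line" | is_tls13 || rc=$?
    printf '%-55s -> status %s\n' "$line" "$rc"
done
```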
