PDA

View Full Version : SLES 12 SP3 TLS 1.3 available ?



cisaksen
06-Jun-2018, 15:34
Does anyone know when openssl 1.1.1 with tls 1.3 support will be available for SUSE 12 SP3 or later?

We want to get our NGINX web servers and Load balancers using TLS 1.3 as soon as possible. We know the browsers are still playing catch up but we want to be ready when they do.

NGINX TLS1.3 requirements: The TLSv1.3 parameter (1.13.0) works only when OpenSSL 1.1.1 built with TLSv1.3 support is used.

Current openssl version available on SP3 is 1.0.2j-60.24.1

Thanks

malcolmlewis
06-Jun-2018, 19:33
Does anyone know when openssl 1.1.1 with tls 1.3 support will be available for SUSE 12 SP3 or later?

We want to get our NGINX web servers and Load balancers using TLS 1.3 as soon as possible. We know the browsers are still playing catch up but we want to be ready when they do.

NGINX TLS1.3 requirements: The TLSv1.3 parameter (1.13.0) works only when OpenSSL 1.1.1 built with TLSv1.3 support is used.

Current openssl version available on SP3 is 1.0.2j-60.24.1

Thanks
Hi
Not sure if it would make it to SP4, if anything it would be just backported fixes etc. Let me ask my SUSE contacts.

AndreasMeyer
06-Jun-2018, 19:33
See chaptre 9.6.5 of SLES15 release notes:
https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/#Packages.Modules

Again: SLE 15

cisaksen
06-Jun-2018, 20:17
Needs to SUSE 12 - 15 is not an option for us yet as there are too many changes that we will need to test before we rebuild our systems on 15. All of our systems were built on 12 SP0 and migrated up. To go to SUSE 15 would need a rebuild as was recommended from a SUSE webcast just a week or 2 ago.

Thanks though. Really need this to be in SP4 or just a upgrade in general. Either that or compile openssl separately and use it to compile nginx.

HvdHeuvel
07-Jun-2018, 08:10
Hello cisaksen,


Needs to SUSE 12 - 15 is not an option for us yet as there are too many changes that we will need to test before we rebuild our systems on 15. All of our systems were built on 12 SP0 and migrated up. To go to SUSE 15 would need a rebuild as was recommended from a SUSE webcast just a week or 2 ago.

Thanks though. Really need this to be in SP4 or just a upgrade in general. Either that or compile openssl separately and use it to compile nginx.


Malcolm has flagged the question, and I have raised the same internally.

Please do note that since TLS 1.3 is not yet finally approved, openssl 1.1.1 is also not yet released.

SUSE does currently plan to have openssl 1.1.1 support in :
- SLES 12 SP4, and we will than start porting some applications over to it.
- SLE15 does not have it yet, since it is also not released yet.

Older SLE service packs are not currently in the planning to also get this ...

SUSE aims to release a maintenance update to openssl 1.1.1 once it is also released by the openssl team upstream.
Hope this helps ?

Best regards
Hans

cisaksen
07-Jun-2018, 16:53
Hans that's perfect, If it's going to be in 12 SP4 and 15 eventually then we can at least plan for this.

Thanks much appreciated.

HvdHeuvel
11-Jun-2018, 20:03
On Thu, 07 Jun 2018 15:54:02 +0000, cisaksen wrote:

> Hans that's perfect, If it's going to be in 12 SP4 and 15 eventually
> then we can at least plan for this.
>
> Thanks much appreciated.

Glad to see that works out for you :-)

Thanks
Hans