TLS 1.3 available ?

cisaksencisaksen Senior Member
Does anyone know when openssl 1.1.1 with tls 1.3 support will be available for SUSE 12 SP3 or later?

We want to get our NGINX web servers and Load balancers using TLS 1.3 as soon as possible. We know the browsers are still playing catch up but we want to be ready when they do.

NGINX TLS1.3 requirements: The TLSv1.3 parameter (1.13.0) works only when OpenSSL 1.1.1 built with TLSv1.3 support is used.

Current openssl version available on SP3 is 1.0.2j-60.24.1

Thanks

Comments

  • malcolmlewismalcolmlewis Knowledge Partner
    cisaksen wrote: »
    Does anyone know when openssl 1.1.1 with tls 1.3 support will be available for SUSE 12 SP3 or later?

    We want to get our NGINX web servers and Load balancers using TLS 1.3 as soon as possible. We know the browsers are still playing catch up but we want to be ready when they do.

    NGINX TLS1.3 requirements: The TLSv1.3 parameter (1.13.0) works only when OpenSSL 1.1.1 built with TLSv1.3 support is used.

    Current openssl version available on SP3 is 1.0.2j-60.24.1

    Thanks
    Hi
    Not sure if it would make it to SP4, if anything it would be just backported fixes etc. Let me ask my SUSE contacts.
  • AndreasAndreas Senior Member
    See chaptre 9.6.5 of SLES15 release notes:
    https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/#Packages.Modules

    Again: SLE 15
  • cisaksencisaksen Senior Member
    Needs to SUSE 12 - 15 is not an option for us yet as there are too many changes that we will need to test before we rebuild our systems on 15. All of our systems were built on 12 SP0 and migrated up. To go to SUSE 15 would need a rebuild as was recommended from a SUSE webcast just a week or 2 ago.

    Thanks though. Really need this to be in SP4 or just a upgrade in general. Either that or compile openssl separately and use it to compile nginx.
  • HvdHeuvelHvdHeuvel Administrator
    Hello cisaksen,
    cisaksen wrote: »
    Needs to SUSE 12 - 15 is not an option for us yet as there are too many changes that we will need to test before we rebuild our systems on 15. All of our systems were built on 12 SP0 and migrated up. To go to SUSE 15 would need a rebuild as was recommended from a SUSE webcast just a week or 2 ago.

    Thanks though. Really need this to be in SP4 or just a upgrade in general. Either that or compile openssl separately and use it to compile nginx.

    Malcolm has flagged the question, and I have raised the same internally.

    Please do note that since TLS 1.3 is not yet finally approved, openssl 1.1.1 is also not yet released.

    SUSE does currently plan to have openssl 1.1.1 support in :
    - SLES 12 SP4, and we will than start porting some applications over to it.
    - SLE15 does not have it yet, since it is also not released yet.

    Older SLE service packs are not currently in the planning to also get this ...

    SUSE aims to release a maintenance update to openssl 1.1.1 once it is also released by the openssl team upstream.
    Hope this helps ?

    Best regards
    Hans
  • cisaksencisaksen Senior Member
    Hans that's perfect, If it's going to be in 12 SP4 and 15 eventually then we can at least plan for this.

    Thanks much appreciated.
  • HvdHeuvelHvdHeuvel Administrator
    On Thu, 07 Jun 2018 15:54:02 +0000, cisaksen wrote:

    > Hans that's perfect, If it's going to be in 12 SP4 and 15 eventually
    > then we can at least plan for this.
    >
    > Thanks much appreciated.


    Glad to see that works out for you :-)

    Thanks
    Hans
  • FredericFrederic New or Quiet Member
    Hello

    I have exactly the same kind of question : teams here use SLES12 SP5 and ask when the TLS 1.3 will be supported by the Nginx installed.
    For the moment, openssl is still in 1.0 version (1.0.2p-1.13) and nginx is 1.14.2-16.1.

    Is there any chance to have an openssl 1.1.1 in SP5 soon ?

    Regards
  • malcolmlewismalcolmlewis Knowledge Partner
    Hello

    I have exactly the same kind of question : teams here use SLES12 SP5 and ask when the TLS 1.3 will be supported by the Nginx installed.
    For the moment, openssl is still in 1.0 version (1.0.2p-1.13) and nginx is 1.14.2-16.1.

    Is there any chance to have an openssl 1.1.1 in SP5 soon ?

    Regards
    Hi and welcome to the Forum :)
    I spoke with my SUSE Contacts and they indicate the openssl-1_1 is there (since it's a shared library can co-exist). Can you check to see if it is present in your active repositories?
  • Hi Frederic

    Recently I created https://www.suse.com/support/kb/doc/?id=7024362 to help us all get an overview of the OpenSSL versions in SLES.
    Hopefully it helps.

    Best regards
    Andreas
  • FredericFrederic New or Quiet Member
    Thanks for your answer

    I can see the libopenssl1_1 in directories but I was asking for the full cmd tool.
    The fact is that some of us are waiting for a nginx supporting the TLS 1.3 which is not the case for the moment in SP5 (and I suppose it will not be the case till nginx is not compiled with openssl 1_1 ).
Sign In or Register to comment.