[Libwebsockets] lws + OpenSSL TLS v1.3

Andy Green andy at warmcat.com
Sat Oct 20 02:03:30 CEST 2018

Hi -

TLS v1.3 has been out for a little while and the OpenSSL version (1.1.1) 
with it in has started to appear in newer distros: it's in Fedora 29 and 
Ubuntu 18.10.

I updated my build box and libwebsockets.org to Fedora 29 prerelease; 
everything "just works" after rebuilding lws against the later OpenSSL, 
without compile errors or warnings.

SSLlabs reports TLS v1.2 and v1.3 enabled and it's still scored A+.

I added a small patch on OpenSSL support that makes an INFO level log on 
both server accepts and client connections; without changing anything, it 
says this:

  lws_openssl_describe_cipher: wsi 0xe55910: TLS_AES_256_GCM_SHA384, TLS_AES_256_GCM_SHA384, 256 bits, TLSv1.3

As far as I can tell, for OpenSSL 1.1.1 users, it will "just work" and 
if both peers support TLSv1.3, it will negotiate that.
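
Added example (not part of the post above and not lws code): a small Python audit that reads lines in the layout of the quoted lws_openssl_describe_cipher log and lists connections that negotiated below a chosen protocol or key-size floor. The field layout is inferred from the one quoted line; the timestamp prefix, the extra sample lines and the names parse_cipher_lines and audit are assumptions made for illustration.

```python
import re
from collections import Counter

# Layout inferred from the single log line quoted in the post (assumption:
# other entries follow the same "name, name, N bits, protocol" order).
CIPHER_LOG = re.compile(
    r"lws_openssl_describe_cipher: wsi (?P<wsi>0x[0-9a-fA-F]+): "
    r"(?P<name1>[^,]+), (?P<name2>[^,]+), (?P<bits>\d+) bits, (?P<proto>\S+)"
)

# Ordering of the protocol strings OpenSSL reports, oldest first.
PROTO_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def parse_cipher_lines(log_text):
    """Yield one dict per cipher-description entry found in log_text."""
    for line in log_text.splitlines():
        m = CIPHER_LOG.search(line)  # search() tolerates a log prefix
        if m:
            rec = m.groupdict()
            rec["bits"] = int(rec["bits"])
            yield rec


def audit(log_text, min_proto="TLSv1.3", min_bits=128):
    """Return (protocol tally, entries below the protocol or key-size floor)."""
    tally, weak = Counter(), []
    floor = PROTO_RANK[min_proto]
    for rec in parse_cipher_lines(log_text):
        tally[rec["proto"]] += 1
        # Unknown protocol strings rank -1 so they are flagged, not ignored.
        if PROTO_RANK.get(rec["proto"], -1) < floor or rec["bits"] < min_bits:
            weak.append(rec)
    return tally, weak


# Constructed sample: line 1 is the entry quoted in the post; the rest are
# made-up entries in the same layout, with an assumed timestamp prefix.
SAMPLE_LOG = """\
lws_openssl_describe_cipher: wsi 0xe55910: TLS_AES_256_GCM_SHA384, TLS_AES_256_GCM_SHA384, 256 bits, TLSv1.3
[2018/10/20 02:05:11:0412] INFO: lws_openssl_describe_cipher: wsi 0xe57a20: ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES256-GCM-SHA384, 256 bits, TLSv1.2
[2018/10/20 02:05:12:0003] NOTICE: unrelated line that must be skipped
[2018/10/20 02:05:13:0921] INFO: lws_openssl_describe_cipher: wsi 0xe58b30: TLS_AES_128_GCM_SHA256, TLS_AES_128_GCM_SHA256, 128 bits, TLSv1.3
"""

if __name__ == "__main__":
    tally, weak = audit(SAMPLE_LOG)
    print(dict(tally))
    for rec in weak:
        print("below policy:", rec["wsi"], rec["proto"], rec["name1"], rec["bits"])
```

A peer that only supports TLSv1.2 shows up in the second list, which is the case to watch for after moving a server to OpenSSL 1.1.1.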


