[Libwebsockets] lws + OpenSSL TLS v1.3
andy at warmcat.com
Sat Oct 20 02:03:30 CEST 2018
TLS v1.3 has been out for a little while and the OpenSSL version (1.1.1)
with it in has started to appear in newer distros: it's in Fedora 29 and
I updated my build box and libwebsockets.org to Fedora 29 prerelease,
everything "just works" after rebuilding lws against the later OpenSSL
without compile errors or warnings.
SSLlabs reports TLS v1.2 and v1.3 enabled and it's still scored A+.
I added a small patch on OpenSSL support that makes an INFO level log on
both server accepts and client connections, without changing anything it
lws_openssl_describe_cipher: wsi 0xe55910: TLS_AES_256_GCM_SHA384,
TLS_AES_256_GCM_SHA384, 256 bits, TLSv1.3
As far as I can tell, for OpenSSL 1.1.1 users, it will "just work" and
if both peers support TLSv1.3, it will negotiate that.
More information about the Libwebsockets