[Libwebsockets] lws + OpenSSL TLS v1.3

Brice Hamon brice at ydotm.com
Sat Oct 20 03:05:46 CEST 2018


Congrats Andy.
Thanks for the update.
Brice.

On Fri, Oct 19, 2018 at 8:03 PM Andy Green <andy at warmcat.com> wrote:

> Hi -
>
> TLS v1.3 has been out for a little while and the OpenSSL version (1.1.1)
> with it in has started to appear in newer distros: it's in Fedora 29 and
> Ubuntu 18.10.
>
> I updated my build box and libwebsockets.org to Fedora 29 prerelease,
> everything "just works" after rebuilding lws against the later OpenSSL
> without compile errors or warnings.
>
> SSLlabs reports TLS v1.2 and v1.3 enabled and it's still scored A+.
>
> I added a small patch on OpenSSL support that makes an INFO level log on
> both server accepts and client connections, without changing anything it
> says this:
>
>   lws_openssl_describe_cipher: wsi 0xe55910: TLS_AES_256_GCM_SHA384,
> TLS_AES_256_GCM_SHA384, 256 bits, TLSv1.3
>
> As far as I can tell, for OpenSSL 1.1.1 users, it will "just work" and
> if both peers support TLSv1.3, it will negotiate that.
>
> -Andy
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> https://libwebsockets.org/mailman/listinfo/libwebsockets
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20181019/620dfc5b/attachment.html>


More information about the Libwebsockets mailing list