TLS 1.3 & 1.1.1.1


#1

OpenSSL 1.1.1 is released. FreeBSD 12 is about to be beta. I'm not sure yet if I can compile Unbound with OpenSSL 1.1.1 but I think I can. So really the only thing stopping me from doing DNS > TLS 1.3 is Cloudflare being 1.2… This seems kinda odd as Cloudflare has been very proactive with TLS 1.3…

When is Cloudflare going to go TLS 1.3 for 1.1.1.1 ?


#2

I believe it’s due to differing TLS 1.3 drafts (DNS over TLS) supported currently by Cloudflare 1.1.1.1 - AFAIK, Cloudflare 1.1.1.1 is using TLS 1.3 draft 28. While OpenSSL 1.1.1.1 and BoringSSL use TLS 1.3 RFC final. So 1.1.1.1 requests would downgrade to TLS 1.2 when OpenSSL 1.1.1.1 client with TLS 1.3 RFC final is used.


#3

Hmm… I assumed it only supported 1.2 because that is what it says on the bottom of this page. Maybe this page is old ? https://developers.cloudflare.com/1.1.1.1/dns-over-tls/

TLS 1.3 RFC Final is the correct one and I'm surprised Cloudflare would still be on a draft version.

I fully admit, I have not tried this yet as the page above led me to believe only 1.2 was supported.

I did try and make Unbound 1.8.0 after making OpenSSL 1.1.1 on FreeBSD 11.2 and ended up with some errors I need to look at better. Most likely my mistakes. I will try with the FreeBSD 12.0 Beta hopefully later this week. Not sure if it will have OpenSSL 1.1.0 or 1.1.1 tho.


#4

On CentOS 7.5 64bit system for DNS over TLS

OpenSSL 1.0.2 system

echo | openssl s_client -connect 1.1.1.1:853

New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES256-GCM-SHA384

OpenSSL 1.1.1

fails as TLS 1.3 RFC spec doesn’t allow fallback if negotiation failed ???

echo | /opt/openssl/bin/openssl s_client -connect 1.1.1.1:853

CONNECTED(00000005)
139667509040960:error:1425F175:SSL routines:ssl_choose_client_version:inappropriate fallback:ssl/statem/statem_lib.c:1929:

BoringSSL with TLS 1.3 RFC

re-patched to re-add TLS 1.3 draft 23/28 which were recently removed

echo -n | bssl s_client -connect 1.1.1.1:853                      
Connecting to 1.1.1.1:853
Connected.
  Version: TLSv1.3
  Resumed session: no
  Cipher: TLS_AES_128_GCM_SHA256
  ECDHE curve: X25519
  Signature algorithm: ecdsa_secp256r1_sha256
  Secure renegotiation: yes
  Extended master secret: yes
  Next protocol negotiated: 
  ALPN protocol: 
  OCSP staple: no
  SCT list: no
  Early data: no
  Cert subject: C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = *.cloudflare-dns.com
  Cert issuer: C = US, O = DigiCert Inc, CN = DigiCert ECC Secure Server CA
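
Relevant to the `inappropriate fallback` error in the OpenSSL 1.1.1 output above: RFC 8446 section 4.1.3 has a TLS 1.3 client reject a ServerHello that selects TLS 1.2 or below while carrying a downgrade sentinel in its random. The sketch below is an added example, not code from the thread or from OpenSSL; the ServerHello bytes are constructed samples, not captures from 1.1.1.1, and the function names are hypothetical.

```python
import struct

TLS12, TLS13 = 0x0303, 0x0304
# RFC 8446 section 4.1.3: values a TLS 1.3-capable server places in the
# last 8 bytes of ServerHello.random when it negotiates an older version.
SENTINEL_TLS12 = b"DOWNGRD\x01"  # negotiated TLS 1.2
SENTINEL_TLS11 = b"DOWNGRD\x00"  # negotiated TLS 1.1 or below

def parse_server_hello(body: bytes):
    """Return (negotiated_version, random) from a ServerHello body."""
    (version,) = struct.unpack_from("!H", body, 0)  # legacy_version
    random = body[2:34]
    pos = 34
    pos += 1 + body[pos]  # skip legacy_session_id_echo
    pos += 3              # skip cipher_suite (2) + compression_method (1)
    if pos + 2 <= len(body):  # extensions block present
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            if ext_type == 43 and ext_len == 2:  # supported_versions
                (version,) = struct.unpack_from("!H", body, pos)
            pos += ext_len
    return version, random

def downgrade_detected(version: int, random: bytes, client_max: int) -> bool:
    """Client-side sentinel check; True means the handshake must abort."""
    tail = random[-8:]
    if client_max >= TLS13 and version <= TLS12:
        return tail in (SENTINEL_TLS12, SENTINEL_TLS11)
    if client_max == TLS12 and version < TLS12:
        return tail == SENTINEL_TLS11
    return False

def build_server_hello(random: bytes, cipher: int, ext: bytes = b"") -> bytes:
    """Constructed sample input (not a capture from 1.1.1.1)."""
    body = struct.pack("!H", TLS12) + random + b"\x00"
    body += struct.pack("!HB", cipher, 0)
    return body + (struct.pack("!H", len(ext)) + ext if ext else b"")

# Server fell back to TLS 1.2 although it knows some TLS 1.3 version.
FALLBACK = build_server_hello(b"\x11" * 24 + SENTINEL_TLS12, 0xC02C)
# Server selected TLS 1.3 via the supported_versions extension.
TLS13_HELLO = build_server_hello(b"\x22" * 32, 0x1301,
                                 struct.pack("!HHH", 43, 2, TLS13))
```

With `client_max=TLS12` the same fallback hello is accepted, which matches the OpenSSL 1.0.2 client completing a TLS 1.2 handshake while the TLS 1.3-capable client aborts.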

#5

Well, that's pretty conclusive :) Thank you for saving me a bunch of headache :)

Well hopefully 1.1.1.1 will move to RFC Final soon ?


#6

Maybe part of their TLS 1.3 RFC update work they have planned Cloudflare speak TLS 1.3 0-RTT with Origin Backend? ??


#7

That's an interesting difference in

ECDHE-ECDSA-AES256-GCM-SHA384
VS
TLS_AES_128_GCM_SHA256


#8

Yeah, the latter, TLS_AES_128_GCM_SHA256, is a TLS 1.3 cipher


#9

This Crypto stuff is a deep subject ! hahaha… Thanks EVA2000.


#10

For OpenSSL 1.1.1 and TLS 1.3 see https://wiki.openssl.org/index.php/TLS1.3


#11

I wonder why BoringSSL did not negotiate TLS_AES_256_GCM_SHA384 doing via 1.3 ? Well all this is pretty beta at the moment. I'm sure in a month or so this will all get more ‘hashed’ out… hehehe…


#12

Probably Cloudflare configured server side cipher preferences - CF seem to prefer AES128 even on HTTPS TLS 1.3


#13

That was a good read in the link you provided above. I'm not sure Unbound is ready for DNS over TLS 1.3. I need to research this more. I got some weird compile errors using OpenSSL 1.1.1 and Unbound 1.8.0 I thought were my own mistakes, but, maybe not.


#14

Would love to see 1.3 final being part of this week’s announcements.


#15

That would be sweet, though really Cloudflare can’t update to TLS 1.3 RFC final until major web browsers like Chrome/Firefox update too as that isn’t scheduled until next month in Chrome 70 and Firefox 63. Otherwise, Cloudflare TLS 1.3 enabled users won’t be able to connect to the current browser versions over TLS 1.3.


#16

Yep… Previous versions and the RFC Final are not compatible. It's a known issue. So an upgrade means you break everyone who is using it currently pre Final. That day will come tho and that will be a bit jarring for everyone using pre Final versions. BUT that comes with playing with RC’s…


#17

I have checked with the Unbound devs and Unbound will compile with OpenSSL 1.1.1… So… Looks like it's all up to Cloudflare. DNSSEC and TLS over TLS 1.3 is close at hand.


#18

The OpenSSL 1.1.1 beta implements TLS1.3 final which is incompatible with TLS1.3 draft28 that GnuTLS implements. So we’ve disabled the TLS1.3 draft28 for the time being (so at least it works over TLS1.2) while working on implementing the TLS1.3 final support.


#19

What about OpenSSL 1.1.1 final GA release’s TLS 1.3 RFC final ? That has removed TLS 1.3 draft 23/28 and only has TLS 1.3 RFC Final.


#20

It's like a version a week… Brings to mind, what is stable just exactly ?

https://www.openssl.org/news/changelog.html#x0