Bug 11971 - Apache does not use TLS 1.3
Summary: Apache does not use TLS 1.3
Alias: None
Product: IPFire
Classification: Unclassified
Component: --- (show other bugs)
Version: 2
Hardware: unspecified Unspecified
: - Unknown - Security
Assignee: Peter Müller
QA Contact:
Depends on:
Blocks: 11913
  Show dependency treegraph
Reported: 2019-01-22 14:22 UTC by Michael Tremer
Modified: 2019-03-15 16:44 UTC (History)
3 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Michael Tremer 2019-01-22 14:22:39 UTC
So I installed the new nightly build with OpenSSL 1.1.1 and my browser (which supports TLS 1.3) does not use TLS 1.3 to connect to the IPFire web UI.

It uses TLS 1.2 instead. Apache has been built against the same version of OpenSSL so I suppose it is aware of TLS 1.3.

I used Firefox 64.0.2.
Comment 1 Peter Müller 2019-01-22 17:34:17 UTC
I will have a look at it.
Comment 2 Peter Müller 2019-01-23 13:39:30 UTC
Apache 2.4.36 is required for this:

I should have updated the package, too. Hrmpf.

Will do so later on...
Comment 3 Michael Tremer 2019-01-23 18:53:47 UTC
Yes, please do that. Please coordinate with Wolfgang, too.
Comment 4 Wolfgang Apolinarski 2019-01-25 17:35:31 UTC
I already read the comment from Peter that he will update the package, just before I wanted to start my "update-cycle".

I'm fine with that, if you run into problems please contact me.

BTW: I already have a configuration for HTTP/2 running, but I was not at all impressed by the speed (I added other HTTP/2 components for speed checking). This is why I gave this a low priority. Nevertheless, the feature will be ready eventually.
Comment 5 Peter Müller 2019-02-06 17:45:52 UTC
This is on MODIFIED by now: https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=57bc05a53de810f2b4dca122f209be4b547f9d5f
Comment 6 Michael Tremer 2019-02-14 11:26:23 UTC
Can confirm that this is working now. Tested with FF.