Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
5 posts • Page 1 of 1
I think it will be added when OpenSSL has support for it, as the OpenSSL library is (currently) used in hMailserver
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
I see this with worry, because i dont expect it will be added to OpenSSL 1.0.2.x series anymore.
Its successor OpenSSL 1.1.x has allready TLS 1.3 support which unfortunately doesnt work with hMailServer, because OpenSSL 1.1.x
was heavily modified. If we want OpenSSL 1.1.x Support in hMailServer, Martin or someone else has to to the necessary coding work.
OpenSSL Team quote:
https://www.openssl.org/blog/blog/2018/05/18/new-lts/Our current LTS release is 1.0.2, and it will be supported until the end of 2019. During that last year it will only receive security fixes.
IMHO: Our best bet to get TLS 1.3 Support for hMailServer is by supporting LibreSSL, because it doesnt require a hMailServer rewrite
and the LibreSSL Team allready working on TLS 1.3 support allready.
PS: Even in the upcoming Windows 10 1809 Major Update there is NO TLS 1.3 avaiable, so this will affect IE 11, Edge, Outlook,
the Win10 MailApp and any .NET based Software and any other Windows Software which uses the Windows builtin Crypto features.
This affects also the latest versions of MS-SQL-Server, MS-Exchange Server and even Windows Server 2016.
https://docs.microsoft.com/en-us/window ... s-10-v1809
Since I'm not familiar with LibreSSL the main question is do we know if it currently supports TLS1.3 or is it planning on being so?
Bob Beck from the LibreSSL Team allready anounced TLS 1.3 Support if its finalized
https://github.com/libressl-portable/po ... -375916733We will support 1.3 once the standard is firmed up and finalized (i.e. ceases to be coopted by vendors making changes to allow for people to continue to run moribund middle boxes that can't recognize a new protocol on the wire) Since there is effectively nothing wrong with TLS 1.2 with a sanely chosen cipher suite today, we believe a clean careful implementation is more beneficial than early adoption.