TLS 1.3 Support

raidensnake
New user
Posts: 11
Joined: 2018-09-22 10:26

TLS 1.3 Support

Post by raidensnake » 2018-11-26 21:48

I posted a recent github issue here about adding TLS1.3 support.
https://github.com/hmailserver/hmailserver/issues/271

Are there any plans of adding this?

mattg
Moderator
Posts: 22435
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: TLS 1.3 Support

Post by mattg » 2018-11-26 23:58

I think it will be added when OpenSSL has support for it, as the OpenSSL library is (currently) used in hMailServer.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Dravion
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany

Re: TLS 1.3 Support

Post by Dravion » 2018-11-27 10:28

mattg wrote:
2018-11-26 23:58
I think it will be added when OpenSSL has support for it, as the OpenSSL library is (currently) used in hMailServer.
I see this with worry, because I don't expect it will be added to the OpenSSL 1.0.2.x series anymore.
Its successor OpenSSL 1.1.x already has TLS 1.3 support, which unfortunately doesn't work with hMailServer, because OpenSSL 1.1.x
was heavily modified. If we want OpenSSL 1.1.x support in hMailServer, Martin or someone else has to do the necessary coding work.

OpenSSL Team quote:
Our current LTS release is 1.0.2, and it will be supported until the end of 2019. During that last year it will only receive security fixes.
https://www.openssl.org/blog/blog/2018/05/18/new-lts/

IMHO: Our best bet to get TLS 1.3 support for hMailServer is by supporting LibreSSL, because it doesn't require a hMailServer rewrite
and the LibreSSL Team is already working on TLS 1.3 support.

PS: Even in the upcoming Windows 10 1809 Major Update there is NO TLS 1.3 available, so this will affect IE 11, Edge, Outlook,
the Win10 Mail App and any .NET-based software and any other Windows software which uses the Windows built-in crypto features.
This also affects the latest versions of MS-SQL-Server, MS-Exchange Server and even Windows Server 2016.

See:
https://docs.microsoft.com/en-us/window ... s-10-v1809

raidensnake
New user
Posts: 11
Joined: 2018-09-22 10:26

Re: TLS 1.3 Support

Post by raidensnake » 2018-11-28 13:04

Dravion wrote:
2018-11-27 10:28
IMHO: Our best bet to get TLS 1.3 support for hMailServer is by supporting LibreSSL, because it doesn't require a hMailServer rewrite
and the LibreSSL Team is already working on TLS 1.3 support.
Since I'm not familiar with LibreSSL the main question is do we know if it currently supports TLS1.3 or is it planning on being so?

Dravion
Senior user
Posts: 2071
Joined: 2015-09-26 11:50
Location: Germany

Re: TLS 1.3 Support

Post by Dravion » 2018-11-28 13:32

raidensnake wrote:
2018-11-28 13:04
Since I'm not familiar with LibreSSL the main question is do we know if it currently supports TLS1.3 or is it planning on being so?
Bob Beck from the LibreSSL Team already announced TLS 1.3 support if it's finalized:
We will support 1.3 once the standard is firmed up and finalized (i.e. ceases to be coopted by vendors making changes to allow for people to continue to run moribund middle boxes that can't recognize a new protocol on the wire) Since there is effectively nothing wrong with TLS 1.2 with a sanely chosen cipher suite today, we believe a clean careful implementation is more beneficial than early adoption.
https://github.com/libressl-portable/po ... -375916733
