
OpenSSL 1.1.1 Is Released - bendoerr
https://www.openssl.org/blog/blog/2018/09/11/release111/
======
tialaramex
The release page itself mentions the existence of 0RTT in TLS 1.3 but the TLS
1.3 wiki page omits mention of 0RTT. It'd be nice if it said e.g. "We do not
yet offer 0RTT" or whatever is the case.

A compliant TLS 1.3 implementation can of course just not provide 0RTT and
maybe that's what OpenSSL has chosen to do (at least in 1.1.1): if functioning
as a client it just always does the normal 1RTT ClientHello; if as a server it
responds to attempts to do 0RTT by ignoring/rejecting them.

But if they do have 0RTT they need a separate API to let library users hook
into that, which is why I've supposed they perhaps don't offer it at all. The
reason to have a separate API is that 0RTT doesn't (can't under the practical
constraints of the Internet) offer a bunch of the guarantees we have for 1RTT
and so an application needs to explicitly opt into this risk, often on a
case-by-case basis (e.g. doing GET /favicon.ico with 0RTT is probably safe for
your website, but POST /account/payments is almost certainly not safe unless
you put serious engineering effort into making it so).

~~~
kroeckx
0-RTT / early data is supported. It is mentioned in the blog.

The wiki is really a document about issues you might run into when upgrading,
and 0-RTT is not such a problem. To enable 0-RTT you need to use new
functions.

~~~
tialaramex
Thanks, I would never have discovered this from their blog post but you are
correct that the new functions exist and are documented here:

[https://www.openssl.org/docs/man1.1.1/man3/SSL_allow_early_d...](https://www.openssl.org/docs/man1.1.1/man3/SSL_allow_early_data_cb_fn.html)

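The per-request opt-in that this subthread describes, as an added example that is not part of the thread or of OpenSSL's own code: a server that has enabled early data (in OpenSSL 1.1.1 via SSL_CTX_set_max_early_data() and SSL_read_early_data(), or per connection through the SSL_allow_early_data_cb_fn callback linked above) still has to decide, for each request that arrived as 0-RTT, whether it is safe to execute before the handshake completes, because early data can be replayed. The block below is a stand-alone policy function for that decision and does not link against OpenSSL; the allow-list, the parse_request_line helper and early_data_verdict are hypothetical names chosen for this example. Requests that are not on the allow-list are answered with 425 Too Early (RFC 8470) so the client can retry them after the handshake.

```c
#include <stdio.h>
#include <string.h>

/* Verdict for an HTTP request that the server received as TLS 1.3 early data
 * (for example, bytes returned by SSL_read_early_data() in OpenSSL 1.1.1).
 * Early data is replayable, so only requests that are harmless when executed
 * twice may be processed before the handshake completes. */
enum early_verdict {
    EARLY_PROCESS,   /* safe even if an attacker replays it */
    EARLY_TOO_EARLY, /* reply 425 Too Early (RFC 8470); client retries after the handshake */
    EARLY_INVALID    /* request line unparseable; close the connection */
};

struct early_rule { const char *method; const char *path; int exact; };

/* Hypothetical allow-list for this example: idempotent fetches of static content.
 * Everything not listed here is deferred, which is the safe default. */
static const struct early_rule allow_list[] = {
    { "GET",  "/favicon.ico", 1 },
    { "GET",  "/static/",     0 },
    { "HEAD", "/static/",     0 },
};

/* Split "METHOD SP request-target SP HTTP/1.x" into method and target.
 * Returns 1 on success, 0 if the line does not have that shape. */
static int parse_request_line(const char *line, char *method, size_t mlen,
                              char *target, size_t tlen)
{
    const char *sp1 = strchr(line, ' ');
    if (!sp1 || sp1 == line) return 0;
    const char *sp2 = strchr(sp1 + 1, ' ');
    if (!sp2 || sp2 == sp1 + 1) return 0;
    if (strncmp(sp2 + 1, "HTTP/1.", 7) != 0) return 0;
    size_t ml = (size_t)(sp1 - line), tl = (size_t)(sp2 - sp1 - 1);
    if (ml >= mlen || tl >= tlen) return 0;
    memcpy(method, line, ml); method[ml] = '\0';
    memcpy(target, sp1 + 1, tl); target[tl] = '\0';
    return 1;
}

enum early_verdict early_data_verdict(const char *request_line)
{
    char method[16], target[1024];
    if (!parse_request_line(request_line, method, sizeof method, target, sizeof target))
        return EARLY_INVALID;
    /* A query string can carry state-changing parameters and ".." can escape
     * the allow-listed prefix, so such requests are deferred even when the
     * path itself would match. */
    if (strchr(target, '?') || strstr(target, ".."))
        return EARLY_TOO_EARLY;
    for (size_t i = 0; i < sizeof allow_list / sizeof allow_list[0]; i++) {
        const struct early_rule *r = &allow_list[i];
        if (strcmp(method, r->method) != 0) continue;
        if (r->exact ? strcmp(target, r->path) == 0
                     : strncmp(target, r->path, strlen(r->path)) == 0)
            return EARLY_PROCESS;
    }
    return EARLY_TOO_EARLY;
}

int main(void)
{
    /* Constructed sample request lines, as they might arrive in early data. */
    static const char *samples[] = {
        "GET /favicon.ico HTTP/1.1",
        "POST /account/payments HTTP/1.1",
        "GET /static/app.js?token=1 HTTP/1.1",
    };
    static const char *names[] = { "process", "425 Too Early", "invalid" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s -> %s\n", samples[i], names[early_data_verdict(samples[i])]);
    return 0;
}
```

Sending 425 presupposes that the server still completes the handshake and reads the request, so a deferred request costs only a retry; a server that cannot classify requests at all should instead decline early data entirely, which is the conservative choice tialaramex describes.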
------
bendoerr
This is the new LTS release and includes TLS1.3 as well as a rewrite of the
RNG.

------
CaliforniaKarl
Wooooooo! Congratulations OpenSSL Team and all contributors! Now that this is
released, I hope it will be able to appear in RHEL 9 and Debian 10.

------
rmdoss
Does anyone know if nginx will support TLSv1.3 automatically if you recompile
it with 1.1.1?

~~~
Asseon
If your nginx version is 1.13 or newer then yes, that should be enough.

[0]
[http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_p...](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols)

------
wolf550e
Ubuntu 18.04 LTS ships openssl 1.1.0, with the intention to upgrade to 1.1.1.
Does anyone know the timeline for this upgrade? I would like to just have TLS
1.3 without building stuff myself.

