TLS 1.3 Support


TLS 1.3 Support

Mondain
I've looked over the bc website and release notes; I don't see any
information about TLS 1.3 support. Am I missing something? Is there support
in the Java libraries?

Best Regards,
Paul


Re: TLS 1.3 Support

Peter Dettman-3
Hi Paul,
No, TLS 1.3 is not currently supported, although quite a lot of work has
been done on RFC 8446 in the last year. e.g.:

- The "Updates Affecting TLS 1.2" have been applied.
- X25519, X448, Ed25519, Ed448 are supported.
- the new key-schedule HKDF algs are implemented

Regards,
Pete Dettman


On 6/8/19 10:46 pm, Mondain wrote:

> I've looked over the bc website and release notes; I don't see any
> information about TLS 1.3 support. Am I missing something? Is there support
> in the Java libraries?
>
> Best Regards,
> Paul
>
> --
> http://gregoire.org/
> https://github.com/Red5 <http://code.google.com/p/red5/>



Re: TLS 1.3 Support

Mondain
Thank you for the update, Pete; I appreciate all the work BC does for the communities and I saw some notes about sponsoring the TLS 1.3 after I posted the question. While I cannot fund such a large effort myself, has anyone on the team looked at doing a bounty for the work? I'd be willing to contribute to that on something like https://gitcoin.co/ or wherever.

Best Regards,
Paul

On Sun, Aug 11, 2019 at 9:18 PM Peter Dettman <[hidden email]> wrote:
Hi Paul,
No, TLS 1.3 is not currently supported, although quite a lot of work has
been done on RFC 8446 in the last year. e.g.:

- The "Updates Affecting TLS 1.2" have been applied.
- X25519, X448, Ed25519, Ed448 are supported.
- the new key-schedule HKDF algs are implemented

Regards,
Pete Dettman



Re: [dev-crypto] TLS 1.3 Support

Eckenfels. Bernd

Just FYI, in Zulu8 JDKs you get the "OpenJSSE" which is TLS 1.3 capable and a backport from later OpenJDK versions. This might help you until you can use the BC version.

Regards,
Bernd

From: Mondain <[hidden email]>
Sent: Monday, 12 August 2019 16:06
To: [hidden email]
Cc: [hidden email]
Subject: Re: [dev-crypto] TLS 1.3 Support

Thank you for the update, Pete; I appreciate all the work BC does for the communities and I saw some notes about sponsoring the TLS 1.3 after I posted the question. While I cannot fund such a large effort myself, has anyone on the team looked at doing a bounty for the work? I'd be willing to contribute to that on something like https://gitcoin.co/ or wherever.

Best Regards,
Paul

 

--
SEEBURGER AG
Registered Office: Edisonstr. 1, D-75015 Bretten
Tel.: 07252 / 96 - 0
Fax: 07252 / 96 - 2222
Internet: http://www.seeburger.de
e-mail: [hidden email]
Executive Board: Axel Haas, Michael Kleeberg, Axel Otto, Dr. Martin Kuntz, Matthias Feßenbecker
Chairperson of the SEEBURGER Supervisory Board: Prof. Dr. Simone Zeuchner
Commercial Register: HRB 240708 Mannheim

This email is intended only for the recipient(s) to whom it is addressed. This email may contain confidential material that may be protected by professional secrecy. Any fact or opinion contained, or expression of the material herein, does not necessarily reflect that of SEEBURGER AG. If you are not the addressee or if you have received this email in error, any use, publication or distribution including forwarding, copying or printing is strictly prohibited. Neither SEEBURGER AG, nor the sender (Eckenfels. Bernd) accept liability for viruses; it is your responsibility to check this email and its attachments for viruses.


Re: TLS 1.3 Support

Mondain
The OpenJSSE stuff is here: https://github.com/openjsse/openjsse I looked at it for my current project, but it seemed very difficult to use with everything seemingly `package private`. Going with something custom until BC has the support built-in.

Regards,
Paul

On Mon, Aug 12, 2019 at 7:18 AM Eckenfels. Bernd <[hidden email]> wrote:

Just FYI, in Zulu8 JDKs you get the "OpenJSSE" which is TLS 1.3 capable and a backport from later OpenJDK versions. This might help you until you can use the BC version.

Regards,
Bernd


Re: [dev-crypto] TLS 1.3 Support

Eckenfels. Bernd

The OpenJSSE is fully integrated in Zulu; you can change the default JSSE provider with a command-line switch and then use the normal SSLSocket/SSLEngine API.

 

From: Mondain <[hidden email]>
Sent: Monday, 12 August 2019 16:48
To: [hidden email]
Subject: Re: [dev-crypto] TLS 1.3 Support

The OpenJSSE stuff is here: https://github.com/openjsse/openjsse I looked at it for my current project, but it seemed very difficult to use with everything seemingly `package private`. Going with something custom until BC has the support built-in.

Regards,
Paul

 

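
To check the setup Bernd describes, the following added example (not code from the thread, Bouncy Castle, OpenJSSE or Zulu) lists which installed providers register a TLSv1.3 `SSLContext` and builds an `SSLEngine` pinned to TLS 1.3 through the standard JSSE API. The class name `Tls13Check` and its method names are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

// Added illustration; Tls13Check and its method names are hypothetical.
public class Tls13Check {

    /** Names of installed security providers that register an SSLContext for "TLSv1.3". */
    static List<String> providersOfferingTls13() {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {   // returned in preference order
            if (p.getService("SSLContext", "TLSv1.3") != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    /** Builds an engine that negotiates TLS 1.3 or fails; it never falls back to TLS 1.2. */
    static SSLEngine tls13OnlyEngine(SSLContext ctx) {
        SSLEngine engine = ctx.createSSLEngine();
        if (!Arrays.asList(engine.getSupportedProtocols()).contains("TLSv1.3")) {
            throw new IllegalStateException(ctx.getProvider().getName() + " cannot do TLSv1.3");
        }
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.3"});  // drop every older protocol version
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("Providers offering SSLContext/TLSv1.3: " + providersOfferingTls13());
        try {
            // Resolved against the provider list, so this reflects the active default JSSE.
            SSLContext ctx = SSLContext.getInstance("TLSv1.3");
            ctx.init(null, null, null);   // default key managers, trust managers and RNG
            SSLEngine engine = tls13OnlyEngine(ctx);
            System.out.println("Context provider:  " + ctx.getProvider().getName());
            System.out.println("Enabled protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        } catch (NoSuchAlgorithmException e) {
            // Raised when no installed JSSE provider registers a TLSv1.3 context.
            System.out.println("No installed provider supplies TLSv1.3: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Running it once on the stock runtime and once with the provider switch enabled shows which provider answers the `SSLContext` lookup in each case.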


Re: TLS 1.3 Support

Mondain
Bernd, understood, but too restrictive for custom DTLS or QUIC implementations.

On Mon, Aug 12, 2019 at 7:53 AM Eckenfels. Bernd <[hidden email]> wrote:

The OpenJSSE is fully integrated in Zulu; you can change the default JSSE provider with a command-line switch and then use the normal SSLSocket/SSLEngine API.

 
