On Fri, Oct 19, 2018 at 10:15 PM Robert Moskowitz rgm@htt-consult.com wrote:
Yeah, I was kind of hedging my comment that maybe something for 1.3 would be in the earlier version, but yes, all the TLS 1.3 work was focused on OpenSSL 1.1.1. I was personally focused on EdDSA support.
So a number of items have to appear in C6 for it to support TLS 1.3. More slowness in TLS 1.3 availability. Kind of flies in the face of a claim made against my HIP protocol which 'requires kernel level changes' and thus too hard to deploy. TLS is an upper layer protocol and changes easily roll out.
Yeah, right.
Keep in mind that the first version of RHEL 6 was released 8 years ago and since May 2017 it has been in Maintenance Level 2, which means: Software Enhancements = No. More info here: https://access.redhat.com/support/policy/updates/errata/
Coming to the particular question of OpenSSL, it was originally released with 1.0.0 in RHEL 6, then rebased to 1.0.1e in 2013 with RHEL 6.5 (but when still in Full Support phase). Here are interesting discussions and articles you can access without a Red Hat login: https://access.redhat.com/discussions/3440141 and https://access.redhat.com/discussions/2172641 and https://access.redhat.com/articles/1462223
And CentOS follows in cascade.
Gianluca