On 10/18/18 11:06 PM, Barry Brimer wrote:
>
>
> On Thu, 18 Oct 2018, Robert Moskowitz wrote:
>
>>
>>
>> On 10/18/18 4:14 PM, Johnny Hughes wrote:
>>> On 10/18/2018 12:36 PM, Walter H. wrote:
>>>> On 18.10.2018 00:08, Johnny Hughes wrote:
>>>>> The bottom line .. we don't make the decision whether or not to use
>>>>> systemd or not. We rebuild RHEL source code.
>>>> will there come a CentOS 6.11 which will be capable of TLS1.3 or
>>>> HTTP/2?
>>>> I'm sure there will come a CentOS 8, but when is it probable to be
>>>> released?
>>>>
>>> We have no idea .. we don't design what is in CentOS. If Red Hat adds
>>> those things to RHEL-6 then we will put them in CentOS .. If they don't
>>> we won't.
>>
>> And for example, if RH does not backport openSSL 1.1.1, you will not
>> get EDDSA certificate support for TLS 1.3. Now you might not care
>> about this for your servers and just continue to use ECDSA certs.
>> Clients will increasingly encounter EDDSA certs and it will be
>> interesting to see how this is handled in older clients. We have had
>> years to spread support for ECDSA before it started appearing from
>> servers. May not for EDDSA.
>
> I am under the impression that TLSv1.3 support appeared in 1.1.1 so I
> don't believe that you could do any TLS 1.3 with prior versions.
>
> https://wiki.openssl.org/index.php/TLS1.3

Yeah, I was kind of hedging my comment that maybe something for 1.3 would be in the earlier version, but yes, all the TLS 1.3 work was focused on openSSL 1.1.1. I was personally focused on EDDSA support.

So a number of items have to appear in C6 for it to support TLS 1.3. More slowness in TLS 1.3 availability.

Kind of flies in the face of a claim made against my HIP protocol which 'requires kernel level changes' and thus too hard to deploy. TLS is an upper layer protocol and changes easily roll out. Yeah, right.