[CentOS] Future Releases

Fri Oct 19 20:15:05 UTC 2018
Robert Moskowitz <rgm at htt-consult.com>


On 10/18/18 11:06 PM, Barry Brimer wrote:
>
>
> On Thu, 18 Oct 2018, Robert Moskowitz wrote:
>
>>
>>
>> On 10/18/18 4:14 PM, Johnny Hughes wrote:
>>> On 10/18/2018 12:36 PM, Walter H. wrote:
>>>> On 18.10.2018 00:08, Johnny Hughes wrote:
>>>>> The bottom line .. we don't make the decision whether or not to use
>>>>> systemd or not.  We rebuild RHEL source code.
>>>> will there come a CentOS 6.11 which will be capable of TLS1.3 or 
>>>> HTTP/2?
>>>> I'm sure there will come a CentOS 8, but when is it probable to be
>>>> released?
>>>>
>>> We have no idea .. we don't design what is in CentOS.  If Red Hat adds
>>> those things to RHEL-6 then we will put them in CentOS .. If they don't
>>> we won't.
>>
>> And for example, if RH does not backport OpenSSL 1.1.1, you will not
>> get EdDSA certificate support for TLS 1.3.  Now you might not care
>> about this for your servers and just continue to use ECDSA certs.
>> Clients will increasingly encounter EdDSA certs and it will be
>> interesting to see how this is handled in older clients.  We have had
>> years to spread support for ECDSA before it started appearing from
>> servers.  May not for EdDSA.
>
> I am under the impression that TLSv1.3 support appeared in 1.1.1 so I 
> don't believe that you could do any TLS 1.3 with prior versions.
>
> https://wiki.openssl.org/index.php/TLS1.3

Yeah, I was kind of hedging my comment that maybe something for 1.3
would be in the earlier version, but yes, all the TLS 1.3 work was
focused on OpenSSL 1.1.1.  I was personally focused on EdDSA support.

So a number of items have to appear in C6 for it to support TLS 1.3.  
More slowness in TLS 1.3 availability.  Kind of flies in the face of a 
claim made against my HIP protocol which 'requires kernel level changes' 
and thus too hard to deploy.  TLS is an upper layer protocol and changes 
easily roll out.

Yeah, right.