TLS 1.3 for faster https


#1

Since August, HTTPS got faster. The TLS 1.3 is out. Is v4 already put the new tls to work or what is the plan?
If not, can we do it ourselves and how?
Thanks


#2

EasyEngine v4 has support for TLS 1.3 out of the box :partying_face: :tada:


#3

Great, and me as an end-user doesn’t have to do anything, It is already working my https?
or
it is supported but requires a tweak?


#4

Awesome that it’s supported! I’m getting an A on ssllabs but it’s telling me that my server does not support TLS 1.3 – as @bredpit said is there anything we need to configure to enable it?

Edit: I see it is enabled in default.conf – maybe it’s just my browser using 1.2?


#5

@bredpit @msarhan I tried to verify myself but I couldn’t find any online services that would verify it. I tried to verify it with curl, but it gave following error - libssl should be compiled with TLS 1.3 support.

Hence I could not verify myself that a site works on TLS 1.3, but theoretically, it should work.


#6

ssllabs can test your site for 1.3 and I tested it there it says not supported for some reason. And if you look at the headers in your browser console it’ll show 1.2 as well, afaik all up to date browsers now are 1.3 compliant. The default nginx.conf file has it enabled so I am not sure why it’s not working but perhaps a bug to be fixed in a future release?


#7

Looks like that’s because TLS 1.3 support in OpenSSL landed in version 1.3 - https://wiki.openssl.org/index.php/TLS1.3

and EasyEngine’s nginx-proxy image uses debian 9 which has OpenSSL v 1.1.0. Once support for OpenSSL v1.1.1 lands in debian, we can will enable support for TLS 1.3