TLS 1.3 support in Ubuntu 18.04
Hello,
I was wondering if anyone knew when TLS 1.3 support would be being released in Apache 2.4 in Ubuntu 18.04? OpenSSL 1.1.1 is now available (and nginx already supports it) but seemingly an update is required to enable this support in Apache.
Ideally we don't want to rely on a third-party repo (I know ones exist for Apache) so I was hoping it would be officially supported soon.
Thanks,
James
Question information
- Language:
- English Edit question
- Status:
- Solved
- For:
- Ubuntu apache2 Edit question
- Assignee:
- No assignee Edit question
- Solved by:
- James Gregory-Monk
- Solved:
- 2020-09-15
- Last query:
- 2020-09-15
- Last reply:
- 2020-02-23
Bernard Stafford (bernard010) said : | #1 |
https:/
https:/
http://
https:/
https:/
I could only find some reading material
Bernard Stafford (bernard010) said : | #2 |
https:/
This is a list of Debian Packages for TLS 1.3.
Possibly one that you can use. This list is comprised of stable buster releases.
Hi bernard,
Thanks for your replies, but I don't think they answer my question unfortunately. I'm aware that OpenSSL 1.1.1 (which supports TLSv1.3) is available in Bionic, but the Apache package hasn't been updated to support the TLSv1.3 cipher suites. I was hoping someone would be able to advise of any timelines for supporting this.
Thanks,
James
Stuart MacIntosh (barf) said : | #4 |
Hi James,
My expectation is that an upgrade to 20.04 will be required for TLS 1.3 support. Maybe someone else can confirm that?
TLS 1.3 is a new feature (not a specific security vulnerability with a CVE assigned, which would then make it's way into older LTS repos). And if I understand correctly the spec was still being written when 18.04 went LTS.
Hi Stuart,
Given OpenSSL 1.1.1 (which adds TLS 1.3 support) was added to 18.04 after release, it seems a bit odd that Apache hasn't also been updated to support TLS 1.3.
Hopefully someone in the know will be able to update us on the situation :-)
Cheers,
James
Erotavlas (erotavlas) said : | #6 |
Unfortunately, at the moment you have to use a third party PPA as https:/
You need apache 2.4.37+ according to https:/
This appears to have been fixed in 2.4.29-1ubuntu4.12.