TLS 1.3 support in Ubuntu 18.04

Asked by James Gregory-Monk on 2020-01-28

Hello,

I was wondering if anyone knew when TLS 1.3 support would be being released in Apache 2.4 in Ubuntu 18.04? OpenSSL 1.1.1 is now available (and nginx already supports it) but seemingly an update is required to enable this support in Apache.

Ideally we don't want to rely on a third-party repo (I know ones exist for Apache) so I was hoping it would be officially supported soon.

Thanks,
James

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu apache2 Edit question
Assignee:
No assignee Edit question
Solved by:
James Gregory-Monk
Solved:
2020-09-15
Last query:
2020-09-15
Last reply:
2020-02-23
Bernard Stafford (bernard010) said : #2

https://packages.debian.org/search?keywords=tls+1.3&searchon=all&suite=stable&section=all

This is a list of Debian Packages for TLS 1.3.
Possibly one that you can use. This list is comprised of stable buster releases.

Hi bernard,

Thanks for your replies, but I don't think they answer my question unfortunately. I'm aware that OpenSSL 1.1.1 (which supports TLSv1.3) is available in Bionic, but the Apache package hasn't been updated to support the TLSv1.3 cipher suites. I was hoping someone would be able to advise of any timelines for supporting this.

Thanks,
James

Stuart MacIntosh (barf) said : #4

Hi James,

My expectation is that an upgrade to 20.04 will be required for TLS 1.3 support. Maybe someone else can confirm that?

TLS 1.3 is a new feature (not a specific security vulnerability with a CVE assigned, which would then make it's way into older LTS repos). And if I understand correctly the spec was still being written when 18.04 went LTS.

Hi Stuart,

Given OpenSSL 1.1.1 (which adds TLS 1.3 support) was added to 18.04 after release, it seems a bit odd that Apache hasn't also been updated to support TLS 1.3.

Hopefully someone in the know will be able to update us on the situation :-)

Cheers,
James

Erotavlas (erotavlas) said : #6

Unfortunately, at the moment you have to use a third party PPA as https://launchpad.net/~ondrej/+archive/ubuntu/apache2
You need apache 2.4.37+ according to https://www.tecmint.com/enable-tls-in-apache-and-nginx/

This appears to have been fixed in 2.4.29-1ubuntu4.12.