TLS 1.3 support in Ubuntu 18.04

https://www.phoronix.com/scan.php?page=news_item&px=Ubuntu-18.04-OpenSSL-1.1.1-TLS

https://unix.stackexchange.com/questions/443341/how-to-enable-tlsv1-3-in-apache2

http://manpages.ubuntu.com/manpages/bionic/man3/CURLOPT_SSLVERSION.3.html

https://ayesh.me/TLSv1.3-Apache

https://help.ubuntu.com/lts/serverguide/

I could only find some reading material

https://packages.debian.org/search?keywords=tls+1.3&searchon=all&suite=stable&section=all

This is a list of Debian Packages for TLS 1.3.
Possibly one that you can use. This list is comprised of stable buster releases.

Hi bernard,

Thanks for your replies, but I don't think they answer my question unfortunately. I'm aware that OpenSSL 1.1.1 (which supports TLSv1.3) is available in Bionic, but the Apache package hasn't been updated to support the TLSv1.3 cipher suites. I was hoping someone would be able to advise of any timelines for supporting this.

Thanks,
James

Hi James,

My expectation is that an upgrade to 20.04 will be required for TLS 1.3 support. Maybe someone else can confirm that?

TLS 1.3 is a new feature (not a specific security vulnerability with a CVE assigned, which would then make it's way into older LTS repos). And if I understand correctly the spec was still being written when 18.04 went LTS.

Hi Stuart,

Given OpenSSL 1.1.1 (which adds TLS 1.3 support) was added to 18.04 after release, it seems a bit odd that Apache hasn't also been updated to support TLS 1.3.

Hopefully someone in the know will be able to update us on the situation :-)

Cheers,
James

Unfortunately, at the moment you have to use a third party PPA as https://launchpad.net/~ondrej/+archive/ubuntu/apache2
You need apache 2.4.37+ according to https://www.tecmint.com/enable-tls-in-apache-and-nginx/

This appears to have been fixed in 2.4.29-1ubuntu4.12.