This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The OpenSSL was compiled accordingly. | |
============== | |
[root@TLS1-3 curl]# openssl version | |
OpenSSL 1.1.1-pre8 (beta) 20 Jun 2018 | |
============= | |
PHP was also compiled. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- SSLSocket.c.orig 2018-03-18 01:35:55.748629591 -0400 | |
+++ SSLSocket.c 2018-03-18 01:46:42.564598773 -0400 | |
@@ -264,6 +264,9 @@ char* SSLSocket_get_version_string(int v | |
#if defined(TLS3_VERSION) | |
{ TLS3_VERSION, "TLS 1.2" }, | |
#endif | |
+#if defined(TLS4_VERSION) | |
+ { TLS4_VERSION, "TLS 1.3" }, | |
+#endif | |
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
root@Socat-TLS-Client:~/tls13_new/socat-1.7.3.2# diff -uNp sslcls.c.orig sslcls.c | |
--- sslcls.c.orig 2018-03-17 10:47:30.239634794 -0400 | |
+++ sslcls.c 2018-03-17 04:40:53.144981137 -0400 | |
@@ -147,6 +147,26 @@ const SSL_METHOD *sycTLSv1_2_server_meth | |
} | |
#endif | |
+#if HAVE_TLSv1_3_client_method | |
+const SSL_METHOD *sycTLSv1_3_client_method(void) { | |
+ const SSL_METHOD *result; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
On server | |
socat OPENSSL-LISTEN:443,reuseaddr,cert=/etc/server.pem,cafile=/etc/client.crt echo | |
On client | |
socat stdio OPENSSL-CONNECT:Socat-TLS-Server:443,cert=/etc/client.pem,cafile=/etc/server.crt | |
Wirehark was launched, and we can noticed the tls 1.2 handshake |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Stunnel running without the patch. | |
1. My stunnel.conf | |
============================================================================================= | |
[root@localhost ~]# cat /etc/stunnel/stunnel.conf | |
chroot = /var/run/stunnel | |
setuid = stunnel | |
setgid = stunnel | |
pid = /stunnel.pid | |
debug = 7 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1.The stunnel beta version was compiled with openssl-dev 1.1 | |
[root@localhost stunnel-5.43]# /usr/local/bin/stunnel version | |
[ ] Clients allowed=500 | |
[.] stunnel 5.43 on x86_64-pc-linux-gnu platform | |
[.] Compiled/running with OpenSSL 1.1.1-dev xx XXX xxxx | |
[.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI | |
[ ] errno: (*__errno_location ()) | |
2.My stunnel configuration as follows: |