cURL / Mailing Lists / curl-library / Single Mail


Re: TLS 1.3

From: Kamil Dudka <>
Date: Mon, 24 Oct 2016 10:16 +0200

On Friday, October 21, 2016 11:37:04 Daniel Stenberg wrote:
> Hi friends,
> TLS 1.3 is approaching fast (it has not yet been finalized but chances are
> that no big changes will be made anymore to the protocol). Firefox 52
> (availably as "nightly") enables it by default (powered by NSS) and Chrome
> "canary" is shipping it (enable through "chrome://flags/").
> Cloudflare runs TLS 1.3 compliant servers you can try your HTTPS client
> against.
> In curl we have not taken any steps toward this yet, but it seems about time
> we do. Using the NSS backend we should be able to run early tests already
> now, and when OpenSSL and others catch up later on we can just bump them up
> one by one as we've done in the past with other TLS features.

By taking steps toward this you mean to introduce the CURL_SSLVERSION_TLSv1_3
constant in curl.h (and --tlsv1.3 option of curl) and pass it to NSS?

That sounds like a good idea. On the other hand, I would be careful with
enabling it by default because there was already a patch release of NSS to
re-disable TLS 1.3 by default:

List admin:
Received on 2016-10-24