Request for feedback from server/client implementers using non-OpenSSL TLS stacks
Alex // nytpu
alex at nytpu.com
Sun Nov 7 17:01:15 GMT 2021
As of late 2019 client-side TLS 1.3 for LibreSSL was implemented, which
I can confirm. Server support was completed by mid-to-late 2020 but 1.3
support for their OpenSSL API clone wasn't finished yet.
Apparently in the latest LibreSSL release (3.4.1, October 14th) they
completed their implementation of the OpenSSL TLS 1.3 API, which means
that an up-to-date LibreSSL should have full support for TLS 1.3 through
all of their various APIs as of now---although I can't confirm it since
I use LibreSSL very intermittently and usually just for testing of
cross-compilation to a BSD.
I've been using GnuTLS a little bit in Ada and it seems to support 1.3
fine although my testing was at the absolute most basic level.
According to various developers' blogs and the changelog, GnuTLS got TLS
1.3 support before the RFC draft was even finalized (even as far back as
2016 when it was in an ultra-draft state), so one can feel pretty safe
in assuming that any broken functionality would've been fixed by now.
I don't have experience with any other TLS libraries, sorry.
---
Vaguely related question: prior to the specification being finalized, is
there any plan to ensure that future TLS versions are supported
implicitly? Something simple like "Clients MAY/MUST use TLS
1.3 (or the latest TLS version should TLS 1.3 be deprecated)" would be
better than being stuck at TLS 1.3 forever.
~nytpu
--
Alex // nytpu
alex at nytpu.com
gpg --locate-external-key alex at nytpu.com