patch to enable tls 1.3 in mod_nss
mod_nss_tls13.patch

The patch breaks backwards compatibility with older versions of NSS. We might want to sprinkle a couple of #ifdef SSL_LIBRARY_VERSION_TLS_1_3 on top of the patch.

As of now the patch does not work. NSS has TLSv1.3 disabled by default. It's only enabled with NSS_ENABLE_TLS_1_3.

[Fri Sep 16 17:44:23.865175 2016] [:error] [pid 17736] NSSProtocol:  SSL/TLS protocol initialization failed.
[Fri Sep 16 17:44:23.865183 2016] [:error] [pid 17736] SSL Library Error: -12168 Unknown



#define SSL_ERROR_BASE                          (-0x3000)
SSL_ERROR_INVALID_VERSION_RANGE         = (SSL_ERROR_BASE + 120),

Correct, 1.3 isn't enabled by default and probably won't be for a while. Nonetheless it would be great to get it in mod_nss already to be able to test it. Guarding it with some ifdefs might be sensible though.

I agree, but I need a way to test the patch locally. How do I build a NSS rpm with TLSv1.3 support on Fedora?

To enable Tls1.3 you have to build NSS with NSS_ENABLE_TLS_1_3=1. But the next version (3.27 that's coming probably end of this week) will have it compiled in by default (still disabled by default, but enabling it in mod_nss will work then).

Firefox 52 will ship TLS 1.3 enabled by default: https://groups.google.com/forum/#!topic/mozilla.dev.platform/sfeqeMkyxCI (via Daniel Stenberg from curl). It would be incredible useful to have mod_nss with TLS 1.3 by then.

Kai and Franziskus have helped me to identify a problem with NSS 3.27. We are going to need 3.28 for full TLS 1.3. The version is still under development.

I think we should be able to enable the TLS 1.3 code (build it, but keep version disabled by default) when we update Fedora to NSS 3.28. I'd expect that to happen mid december.

After that's done, you should be able to enable it by requesting maximum version TLS 1.3

I don't know if additional changes are necessary to enable it, like, configuring the list of supported ciphers (which might be necessary, e.g. if mod_nss disables all ciphers by default, and only enables the ones that have been enabled by configuration).

The patch is no longer sufficient to enable TLS 1.3. It's also necessary to support and enable new cipher suites. TLS 1.3 does not use any of the TLS 1.2 and older suites. Instead it has introduced a set of five additional cipher suite, two AES GCM, two AES CCM and one Pyoly1305/ChaCha20. All five suites are AEAD ciphers without key agreement and auth specified, https://tools.ietf.org/html/draft-ietf-tls-tls13-18#appendix-A.4

I have an updates patch on github with new cipher suites and more error codes, https://github.com/tiran/mod_nss/tree/tlsv13 . I'm still getting SSL Library Error: -12168 Invalid version range with nss-3.28.1-1.3.fc24.x86_64. It looks like TLS 1.3 is disabled.

It was necessary to disable TLS 1.3 in the Fedora NSS package, because enabling it breaks openldap/FreeIPA for the same reasons.

Once that's fixed, we can attempt to enable it again, in updates-testing.

https://bugzilla.redhat.com/show_bug.cgi?id=1415140

As mentioned in the PR, NSSRequireSafeNegotiation must be off otherwise mod_nss will get a SSL_ERROR_NO_CYPHER_OVERLAP error. The BZ for this is https://bugzilla.redhat.com/show_bug.cgi?id=1423401

And note: NSSRequireSafeNegotiation is on by default.