-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cheat sheet update/refactor proposal: TLS_Cipher_String_Cheat_Sheet - TLSv1.3 #14
Comments
Hi, |
Done in PR #15 |
@righettod I think #15 is a whole different story. |
Each PR need to have a issue associated to it, so this issue is not related to the PR #15 ? |
I'm sorry, my mistake. Anyway, let's focus to |
Don't worry, there no problem at all 😃 |
OK I consider this issue closed in order to keep a clean state, you will open another issue when you will submit TLS v1.3 content on the CS. |
Hello OWASP!
First of all, thanks for migrating Cheat Sheet Series to GitHub. 😉
I'd like to get a statement from your side about the
TLSv1.3
topic.Currently the OWASP Cipher String 'A+' uses
TLSv1.2
protocol.In September 2018 OpenSSL released the final
TLSv1.3
support in the 1.1.1 version.Firefox 61 (June 2018) has been released with on-by-default support for
TLSv1.3
.Chrome 70 (October 2018) has been released with on-by-default support for
TLSv1.3
.There are open issues in Mozilla SSL Generator in this topic: mozilla/server-side-tls#217,
mozilla/server-side-tls#191.
I'd be happy if OWASP releases an update for the recommended TLS (1.3) cipher strings.
Then I can update nginxconfig.io with the new rulesets (digitalocean/nginxconfig.io#42).
The text was updated successfully, but these errors were encountered: