Cheat sheet update/refactor proposal: TLS_Cipher_String_Cheat_Sheet - TLSv1.3 #14

Closed
0xb4lint opened this issue Feb 17, 2019 · 7 comments

@0xb4lint
Contributor

Hello OWASP!

First of all, thanks for migrating Cheat Sheet Series to GitHub. 😉

I'd like to get a statement from your side about the TLSv1.3 topic.
Currently the OWASP Cipher String 'A+' uses TLSv1.2 protocol.

In September 2018 OpenSSL released the final TLSv1.3 support in the 1.1.1 version.
Firefox 61 (June 2018) has been released with on-by-default support for TLSv1.3.
Chrome 70 (October 2018) has been released with on-by-default support for TLSv1.3.

There are open issues in the Mozilla SSL Generator on this topic: mozilla/server-side-tls#217,
mozilla/server-side-tls#191.

I'd be happy if OWASP releases an update for the recommended TLS (1.3) cipher strings.
Then I can update nginxconfig.io with the new rulesets (digitalocean/nginxconfig.io#42).

@0xb4lint 0xb4lint added ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. UPDATE_CS Issue about the update/refactoring of a existing cheat sheet. labels Feb 17, 2019
@righettod
Member

Hi,
You are welcome 😃
I accept your proposal, thank you very much for it.

@righettod righettod added ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. and removed ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. labels Feb 18, 2019
@righettod righettod added this to the Roadmap 2019 milestone Feb 18, 2019
@righettod
Member

Done in PR #15

@0xb4lint
Contributor Author

@righettod I think #15 is a whole different story.
This issue is about TLSv1.3.

@righettod
Member

righettod commented Feb 18, 2019

Each PR needs to have an issue associated with it, so this issue is not related to PR #15?
I have re-added the images to restore the state.

@righettod righettod reopened this Feb 18, 2019
@0xb4lint
Contributor Author

I'm sorry, my mistake.
I've just started to dig into TLSv1.3, the ciphers table came into the picture, and I made a quick PR about it.

Anyway, let's focus on TLSv1.3. 😉
How does this work at OWASP? Is there a roadmap about updating the TLS cipher string scenarios? Or are you open to open source contributions?

@righettod
Member

righettod commented Feb 18, 2019

Don't worry, there is no problem at all 😃
We have moved the project to GH in order to allow open source contributions, so feel free to make PR(s) to update the content of the TLS CS if you want to focus on this topic...

@righettod
Member

righettod commented Feb 18, 2019

OK, I consider this issue closed in order to keep a clean state; you will open another issue when you submit TLS v1.3 content on the CS.
