Support HTTP over TLS 1.3 on rustup.rs #1717
The rustup website is managed on EC2 - do you happen to know if TLS1.3 is supported by AWS?
@kinnison: I don't know. I have understood AWS uses the s2n implementation for TLS and the s2n maintainership is actively working on TLS 1.3 support (aws/s2n-tls#388).
I've re-checked and CloudFront currently still doesn't support TLS1.3
AFAICT TLS1.3 support is working now.
Do we enforce TLS 1.3 though?
Right now it would not be appropriate to do so because of corporate proxies etc. We will use 1.3 if it's available by preference. I imagine if a system configured openssl to require 1.3 we'd honour that (I think we read the system openssl.cnf)
There may be some work to do in
I've filed #2581 to continue the work
The maximum TLS version supported is currently 1.2. TLS 1.3 delivers security and performance benefits.
In terms of security, the distribution mechanism's security currently depends on TLS. Only with TLS 1.3 and the appropriate certificate can practical downgrade attacks be prevented. https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/