https://bz.apache.org/bugzilla/show_bug.cgi?id=62748
--- Comment #23 from Christopher Schultz <ch...@christopherschultz.net> --- (In reply to Rainer Jung from comment #21) > (In reply to Christopher Schultz from comment #17) > > A quick test with Firefox 62 and Chrome 69 shows that they are still > > connecting using TLSv1.2. > > Both are expected to implement the final 1.3 in the next version (Firefox > 63, Chrome 70). I think the current version can not successfully handshake > with a final 1.3 impl due to a draft protocol version they use, so the > protocol version numbers don't match. Thanks for that clarification. It's shocking that Java is ahead of the curve on this one. On the other hand, ff can connect to mail.google.com using TLSv1.3 and the TLS_AES_128_GCM_SHA256 cipher suite, while Chrome uses QUIC and what appears to be the same ciphersuite. For ref: Firefox 63: https://blog.mozilla.org/security/2018/08/13/tls-1-3-published-in-firefox-today/ Chrome 70: https://www.chromium.org/Home/tls13 Looks like just a few days before both updates are scheduled to occur. I haven't tried any of the betas. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
