
How to compile and configure BoringSSL with nginx to support TLSv1.3 #87

Open
S8Cloud opened this issue Dec 14, 2017 · 41 comments
Comments

@S8Cloud

S8Cloud commented Dec 14, 2017

I saw a blog on your site showing that Cloudflare is using BoringSSL, and issue #78 also proves the usage of BoringSSL.

As it happens, BoringSSL has supported TLS 1.3 for quite a long time (it was one the first open source SSL implementations to work on this feature), so now all of our edge SSL traffic (including TLS 1.3 connections) is handled by the same system, with no duplication, no added complexity, and no increased latency. Yay!

However I compiled BoringSSL with nginx 1.13.7 using configuration --with-openssl=/path/to/boringssl --with-openssl-opt=enable-tls1_3 and it could not support TLSv1.3 Draft18 (like Cloudflare does).

BoringSSL has supported TLSv1.3 draft 18 since this commit, but I could not find a wiki or an explanation about how to compile and configure BoringSSL with nginx to support TLSv1.3 draft 18.

@1265578519

net::ERR_SPDY_PROTOCOL_ERROR?

@pleaz

pleaz commented Jan 22, 2018

nope, not supported ssl protocol in nginx error log

@hamjin

hamjin commented Feb 10, 2018

@pleaz

pleaz commented Feb 10, 2018

@railjty it didn't work

@hamjin

hamjin commented Feb 10, 2018

For draft 18, you need branch 2987, because their master branch is using draft 23.

@hamjin

hamjin commented Feb 10, 2018

You can get it like this: git clone -b 2987 https://github.com/google/boringssl /usr/src/boringssl
and then use the command in that Dockerfile.

@hamjin

hamjin commented Feb 10, 2018

Also there are some wrong filenames in the command; I will put up a file that is OK for me.

@hamjin

hamjin commented Feb 10, 2018

OK! Get it from this: https://cdn.jintaiyang123.org/static/boringssl.tar.gz

@hamjin

hamjin commented Feb 10, 2018

just compile it

@hamjin

hamjin commented Feb 10, 2018

Cloudflare now is using draft 22 and 23, not draft 18!

@pleaz

pleaz commented Feb 10, 2018

yes, with OpenSSL I think, because I can't find a working solution for BoringSSL + nginx with draft 22/23

@S8Cloud
Author

S8Cloud commented Mar 22, 2018

@railjty Tested successfully with TLSv1.3 draft 18 using BoringSSL version 2987.

However, as you said

Cloudflare now is using draft 22 and 23, not draft 18!

Which version of BoringSSL is Cloudflare using? Do you have any ideas?

@hamjin

hamjin commented Mar 23, 2018

They are using the master branch. (Sorry, but I am busy with my studies now. I can't answer this at all.)

@xetorixik

xetorixik commented Apr 10, 2018

I was looking for the same solution and came across this post.
Because I have found a solution, it is neat to share it with you guys.

I found this patch: https://l.avinz.nl/enabletls13boringssl

It will enable BoringSSL's TLS 1.3 draft 22 and 23 (Chrome stable) and the final TLS 1.3 standard (BoringSSL master only).

It is quite simple.
All you have to do is patch the BoringSSL chromium-stable code, or BoringSSL master if you want that.
Compile it against nginx and you are done.

--with-openssl-opt=enable-tls1_3 is not necessary.
That is an OpenSSL parameter and does not work with BoringSSL.

@S8Cloud
Author

S8Cloud commented Apr 11, 2018

@xetorixik Excellent Patch! Problem solved. It seems that tls 1.3 draft 28 will be the final version and both openssl and boringssl are working on it and will be enabled by default in the future.

@S8Cloud S8Cloud closed this as completed Apr 11, 2018
@ymshenyu

ymshenyu commented May 19, 2018

That's very good! I followed it and reconfigured BoringSSL and nginx, and it worked. But the bad thing is you can't configure the TLS 1.3 cipher suites now.

@CarterLi

FYI: kn007/patch#4

@hakasenyang

Hello.

This is my patch file (OpenSSL 1.1.1-pre8-dev): https://github.com/hakasenyang/openssl-patch/blob/master/openssl-equal-pre8_ciphers.patch
This patch file includes draft 23, 28 support and Equal Preference patches.

testssl.sh result: https://ssl.hakase.io/ssltest/hakase.io.html

I do not speak English well. Sorry.

@kn007

kn007 commented May 31, 2018

@hakasenyang Thanks for your work, this is a super useful patch.

@S8Cloud S8Cloud changed the title How to compile and configure BoringSSL with nginx to support TLSv1.3 draft18 How to compile and configure BoringSSL with nginx to support TLSv1.3 May 31, 2018
@S8Cloud
Author

S8Cloud commented May 31, 2018

Thanks all for these great patches!
I cloned many useful patches for OpenSSL, BoringSSL and nginx and made them into a bundle.

https://github.com/S8Cloud/sslpatch

@xetorixik

xetorixik commented Jun 18, 2018

Patch code to enable TLS 1.3 on BoringSSL seems to be updated.
Latest bits available via: https://l.avinz.nl/enabletls13boringssl

@xetorixik

xetorixik commented Jun 23, 2018

Because I am subscribed to Buik's channel: there seems to be another patch update to enable TLS 1.3 on BoringSSL.
Latest bits available via: https://l.avinz.nl/enabletls13boringssl

@S8Cloud
Author

S8Cloud commented Aug 10, 2018

Update: nginx officially supports TLSv1.3 with BoringSSL as of this commit.
Just compile the master version of nginx and BoringSSL and add TLSv1.3 to the ssl_protocols configuration to enable it.
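The build and configuration steps this thread keeps coming back to (nginx's --with-openssl pointed at a BoringSSL checkout, then TLSv1.3 added to ssl_protocols), as an added shell example that is not from nginx, BoringSSL or anyone in this thread. It assumes that nginx's --with-openssl build reads headers from <dir>/.openssl/include and static libraries from <dir>/.openssl/lib, and that BoringSSL's cmake build leaves libssl.a and libcrypto.a under build/ssl and build/crypto (the 2018-era layout); /opt/boringssl and /opt/nginx-src are placeholder paths. The staging and config-audit functions run offline; the clone and build only run when the script is invoked with the argument build.

```shell
#!/bin/sh
# Added example, not nginx's or BoringSSL's own tooling. Assumptions:
#  - nginx --with-openssl=<dir> reads <dir>/.openssl/include and
#    <dir>/.openssl/lib/{libssl.a,libcrypto.a};
#  - the BoringSSL cmake build leaves libssl.a in build/ssl and
#    libcrypto.a in build/crypto (2018-era layout);
#  - /opt/boringssl and /opt/nginx-src are placeholder paths.
set -eu

# Lay out <src>/.openssl/ the way nginx's build expects. Fails (return 1,
# nothing created) if any build product is missing, so an incomplete
# BoringSSL build surfaces here instead of as a link error inside nginx.
stage_boringssl_for_nginx() {
  src="$1"
  for f in "$src/build/ssl/libssl.a" "$src/build/crypto/libcrypto.a" \
           "$src/include/openssl/ssl.h"; do
    [ -f "$f" ] || { echo "missing $f" >&2; return 1; }
  done
  mkdir -p "$src/.openssl/lib"
  rm -rf "$src/.openssl/include"
  ln -s ../include "$src/.openssl/include"
  cp "$src/build/ssl/libssl.a" "$src/build/crypto/libcrypto.a" "$src/.openssl/lib/"
}

# Check the ssl_protocols directive in an nginx config: TLSv1.3 must be
# listed and nothing older than TLSv1.2 should be (the testssl output
# later in this thread shows TLS 1 and TLS 1.1 still "offered" when they
# are left in). Prints one line per finding; returns 1 if there are any.
audit_ssl_protocols() {
  conf="$1"
  rc=0
  protos=$(sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]*\([^;]*\);.*/\1/p' "$conf" | tr '\n' ' ')
  [ -n "$protos" ] || { echo "no ssl_protocols directive in $conf"; return 1; }
  case " $protos" in
    *" TLSv1.3 "*) ;;
    *) echo "TLSv1.3 not enabled"; rc=1 ;;
  esac
  for old in SSLv2 SSLv3 TLSv1 TLSv1.1; do
    case " $protos" in
      *" $old "*) echo "legacy protocol $old enabled"; rc=1 ;;
    esac
  done
  return $rc
}

# Network-dependent part: only runs as `sh thisscript.sh build`.
if [ "${1:-}" = "build" ]; then
  git clone https://boringssl.googlesource.com/boringssl /opt/boringssl
  cmake -S /opt/boringssl -B /opt/boringssl/build -DCMAKE_BUILD_TYPE=Release
  make -C /opt/boringssl/build
  stage_boringssl_for_nginx /opt/boringssl
  cd /opt/nginx-src
  ./configure --with-http_ssl_module --with-http_v2_module \
              --with-openssl=/opt/boringssl
  # nginx's Makefile treats this header as its "build OpenSSL" target;
  # touching it after ./configure keeps make from running ./config in the
  # BoringSSL tree, which has no such script.
  touch /opt/boringssl/.openssl/include/openssl/ssl.h
  make
  printf 'ssl_protocols TLSv1.2 TLSv1.3;\n'   # the line for the server block
fi
```

The audit is deliberately strict about TLSv1 and TLSv1.1: the ssl_protocols line is the only place nginx lets you decide that, and once BoringSSL is in the picture ssl_ciphers does not reach the TLS 1.3 suites anyway (as ymshenyu notes above), so the protocol list is the knob that still matters.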

@JSkier21

Is there a patch for boringssl to support multiple drafts? Would be similar to what @hakasenyang did with openssl earlier, except for boringssl.

Compiling with the recent patch mentioned by @xetorixik works for the final draft only (nginx stable), which currently has limited support (Chrome developer channel).

@hamjin

hamjin commented Aug 29, 2018

BoringSSL has now changed to the TLS 1.3 RFC version.
See: google/boringssl@6855e0a
You can enable the draft versions yourself.

@JSkier21

Thank you @railjty, interesting.

@xetorixik

@JSkier21 @railjty The problem is that Google removed TLS 1.3 draft 28 two days ago (googlesource.com), and it seems logical that draft 23 will follow soon, in favor of TLS 1.3 RFC only (before: draft 23, 28 and RFC).

As the Chrome and Firefox production versions only support TLS 1.3 drafts and won't work yet with TLS 1.3 RFC, you will be faced with a choice in this interim phase.

In my opinion there are 3 options for now:

  1. Use, for example, a BoringSSL git clone of Aug 25 2018, so the production versions of both Chrome and Firefox work fine with your BoringSSL draft/RFC-based TLS 1.3 enabled site.

  2. Wait a little bit until Chrome and Firefox offer support for TLS 1.3 RFC.
    As can be seen above, it is already available in Chromium master git, so it should not be long before it appears in the production version of Chrome.

  3. Don't do anything yet and jump in when everything is ready.

@JSkier21

@xetorixik, I just modified the 25 patch and defined tls13_all instead of _rfc. I now get final, draft 28, and draft 23 presented as options. Works great in Firefox and Chrome.

@centminmod

@JSkier21 you mean you edited include/openssl/ssl.h for enum tls13_variant_t

changing

tls13_rfc = 0

to

tls13_all = 0

@centminmod

seems I managed to re-enable all TLS 1.3 drafts via

        sed -i 's|tls13_rfc = 0|tls13_all = 0|' /opt/boringssl/include/openssl/ssl.h
        sed -i 's|  tls13_all,|  tls13_rfc,|' /opt/boringssl/include/openssl/ssl.h
        sed -i 's|tls13_variant_t tls13_variant = tls13_rfc;|tls13_variant_t tls13_variant = tls13_all;|g' /opt/boringssl/ssl/internal.h

but wondering if I missed anything?

testssl check

 Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): draft 28, draft 23, final
 NPN/SPDY   not offered
 ALPN/HTTP2 h2, http/1.1 (offered)
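A way to turn the testssl.sh protocol table quoted above into a pass/fail check, as an added example that is not part of centminmod's post nor of testssl.sh itself: the sample input is constructed from the output above (nothing is scanned), and the functions pull out which TLS 1.3 variants are offered and which protocols testssl lists as "offered" without its "(OK)" mark, which in the output above is TLS 1 and TLS 1.1.

```shell
#!/bin/sh
# Added example: parse the "Testing protocols" table that testssl.sh
# prints. The input below is constructed from the output quoted in this
# thread; testssl.sh is not run here.
set -eu

SAMPLE_TESTSSL=' Testing protocols via sockets except NPN+ALPN 

 SSLv2      not offered (OK)
 SSLv3      not offered (OK)
 TLS 1      offered
 TLS 1.1    offered
 TLS 1.2    offered (OK)
 TLS 1.3    offered (OK): draft 28, draft 23, final
 NPN/SPDY   not offered
 ALPN/HTTP2 h2, http/1.1 (offered)'

# Comma-separated TLS 1.3 variants after "offered (OK):", e.g.
# "draft 28,draft 23,final"; empty when TLS 1.3 is not offered.
tls13_variants_offered() {
  printf '%s\n' "$1" | sed -n 's/^ *TLS 1\.3 *offered (OK): *//p' | sed 's/, */,/g'
}

# True (exit 0) only if the RFC ("final") variant is among those offered,
# which is what the upcoming browser releases discussed here will need.
tls13_final_offered() {
  case ",$(tls13_variants_offered "$1")," in
    *,final,*) return 0 ;;
    *) return 1 ;;
  esac
}

# Protocols testssl reports as "offered" without its "(OK)" mark, i.e.
# the ones still enabled that it does not consider fine. Printed as a
# comma-separated list, e.g. "TLS 1,TLS 1.1".
protocols_offered_without_ok() {
  printf '%s\n' "$1" | awk '
    /^ *(SSLv[23]|TLS 1(\.[0-9])?) +offered *$/ {
      sub(/^ */, ""); sub(/ +offered *$/, "")
      out = out (out == "" ? "" : ",") $0
    }
    END { print out }'
}
```

Run against a saved testssl.sh report (for example `sh check.sh < report.txt` after replacing SAMPLE_TESTSSL with `$(cat)`), the two things worth failing a deployment on are tls13_final_offered returning non-zero and protocols_offered_without_ok printing anything.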

@JSkier21

@centminmod, I just diffed my new internal.h file containing the two new instances defining tls13_variant_t tls13_variant = tls13_all, and added those lines to the existing patch.

Our testssl results look the same for tls 1.3 report.

You did more than me on the ssl.h files. It should work fine with only your last sed. Is there any reason why you're changing the ssl.h file? I ask out of curiosity (maybe I'm missing something).

@centminmod

centminmod commented Aug 30, 2018

I am just winging it heh. Will try just editing internal.h only

FYI I am not using the BoringSSL patches, as 1.15.3 enables TLS 1.3 out of the box when BoringSSL is detected.

edit: yup, confirmed that editing internal.h only is enough to get all TLS 1.3 drafts re-enabled now

sed -i 's|tls13_variant_t tls13_variant = tls13_rfc;|tls13_variant_t tls13_variant = tls13_all;|g' /opt/boringssl/ssl/internal.h
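The internal.h edit above, wrapped in a check that the line was actually found, as an added example that is not from centminmod, JSkier21 or BoringSSL: sed -i reports success even when its pattern matches nothing, which matters here because the thread itself notes upstream is removing the draft variants, so a silent no-op would leave you thinking the drafts are on when they are not. The file it edits is a constructed stand-in for ssl/internal.h (make_sample_internal_h); the real path in the thread is /opt/boringssl/ssl/internal.h.

```shell
#!/bin/sh
# Added example (not BoringSSL's code): apply the internal.h edit from this
# thread, but refuse to pretend it worked when the line is absent.
set -eu

OLD='tls13_variant_t tls13_variant = tls13_rfc;'
NEW='tls13_variant_t tls13_variant = tls13_all;'

# Constructed stand-in for the two lines this thread says appear in
# ssl/internal.h; the real file has much more around them.
make_sample_internal_h() {
  cat > "$1" <<'EOF'
struct SSL_CONFIG {
  // other fields omitted (constructed sample)
  tls13_variant_t tls13_variant = tls13_rfc;
};
struct SSL_CTX {
  tls13_variant_t tls13_variant = tls13_all;
  tls13_variant_t tls13_variant = tls13_rfc;
};
EOF
}

# Number of tls13_rfc defaults still present (0 after a successful edit).
remaining_rfc_defaults() {
  grep -c -F "$OLD" "$1" || true
}

# Switch every default of tls13_rfc to tls13_all in the given file.
# Returns 1 and leaves the file untouched if the line is not there, e.g.
# because upstream has since renamed or removed the variant enum; a plain
# `sed -i` would exit 0 in that case and nobody would notice.
reenable_tls13_drafts() {
  f="$1"
  [ -f "$f" ] || { echo "$f: no such file" >&2; return 1; }
  before=$(remaining_rfc_defaults "$f")
  [ "$before" -gt 0 ] || { echo "$f: pattern not found, nothing changed" >&2; return 1; }
  tmp="$f.tmp.$$"
  # Write to a temp file and rename: portable across GNU/BSD sed and atomic.
  sed "s|$OLD|$NEW|g" "$f" > "$tmp" && mv "$tmp" "$f"
  [ "$(remaining_rfc_defaults "$f")" -eq 0 ] || { echo "$f: edit did not apply" >&2; return 1; }
  echo "$f: $before default(s) switched to tls13_all"
}
```

Re-running it on an already-edited file returns 1 rather than silently succeeding, which is the behaviour you want from a step in a build script that is supposed to be re-run against fresh upstream checkouts.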

@xetorixik

@JSkier21 Seems GitHub is not up-to-date and not synced yet with googlesource.com, as GitHub still offers draft 23, 28 and RFC. Draft 28 is removed from googlesource.com and it seems logical that the removal of draft 23 follows.

After that both Chrome and Firefox won't work with TLS 1.3 anymore, until both browsers support TLS 1.3 RFC. As of today, neither supports TLS 1.3 RFC.

@JSkier21

@xetorixik, you're referring to boringssl master correct? The old drafts are still in master on gs from what I can tell.

I'm pulling from boringssl gs master and using the patch on GitLab for tls1.3 support.

@xetorixik

xetorixik commented Aug 30, 2018

@JSkier21 It is on its way and is ready in the pipeline, as written here: https://boringssl.googlesource.com/boringssl/+/6cacb472c42ddbe1553a1263d651ae64a29efc5f

As an addition: if you have patch updates, recommendations and/or enhancements, please inform: https://l.avinz.nl/enabletls13boringssl

So that all of us can enjoy those enhancements. Thanks.

@S8Cloud
Author

S8Cloud commented Aug 30, 2018

@xetorixik It seems the GitHub & googlesource versions of BoringSSL are exactly the same, and it removed draft 28 as well.
BTW BoringSSL was always good at deleting code that Google thought unnecessary, e.g. the CBC-SHA2 ciphers which are often used by Safari browsers.

@S8Cloud
Author

S8Cloud commented Aug 30, 2018

https://boringssl.googlesource.com/boringssl/+/6cacb472c42ddbe1553a1263d651ae64a29efc5f
This commit has not been merged into the master version of BoringSSL (but it will be). Maybe it's time to preserve a fork :)

@xetorixik

@S8Cloud Draft 28 is not removed yet, as can be viewed here; the diff to remove TLS 1.3 draft 28 is present but not yet merged.

@S8Cloud
Author

S8Cloud commented Aug 30, 2018

@xetorixik Maybe the GitHub version is just a mirror of googlesource, so it doesn't include unmerged commits.

@JSkier21

I think Chrome and Firefox browsers will be out with final support in October on their respective stable channels. That said, a fork will help carry over my testing with this.

I was planning on forking enabletls13boringssl to submit my additions, should be able to do that soon hopefully. I'll give him a heads up as well.

@xetorixik

xetorixik commented Aug 30, 2018

@JSkier21 if so, in October. That means you have to:

  • Fork BoringSSL
  • Use an old git copy of BoringSSL with the draft code
  • Patch the draft code every so often into new master branch copies.
  • Do nothing, don't use TLS 1.3 and wait before all the fog has settled and everything (browser final and BoringSSL) is TLS 1.3 RFC supported.
