Open anotherjin opened 7 years ago
BoringSSL i think.
But how do they use OCSP stapling and multi certs?
@railjty I'm not sure about multi certs, but OCSP stapling was never removed in BoringSSL. The OCSP protocol was removed, but not stapling and parsing.
Now where can I get the patch for boringssl?#78
i think they are using openssl with equal cipher patch. you can get the patch at https://github.com/hakasenyang/openssl-patch @railjty
@ymshenyu Incorrect, see https://github.com/cloudflare/sslconfig/issues/78#issuecomment-324434709. Cloudflare is using BoringSSL.
ok , but boringssl ocsp stapling also need a patch and i am not recommend to use that patch. @injust
@ymshenyu That page is incorrect
Now I 'm using the openssl 1.1.1-pre2 with the patch at https://github.com/kn007/patch
Hello.
@railjty, My patch is here. Please, READ ME.
I'm using OpenSSL-1.1.1-pre9-dev.
Tnanks a lot! It's very useful that add tls1.3 draft 23 back. And would someone add chacha20-poly1305-draft cipher back? Like BoringSSL branch 2987, it has both TLS1.3 Draft 18 and chacha20-poly1305-old(0xcc13 0xcx14 0xcc15)
@railjty As I think, I no longer need a draft version of chacha20-poly1305. If you need it, consider BoringSSL.
Now BoringSSL deleted it. So only old LibreSSL/BoringSSL and cloudflare's patch can add it
@injust may i get cloudflare boringssl patch ?
I used the patch in sslconfig/patches for openssl-1.0.2, but I can't add Curve25519 So , which SSL/TLS library is Cloudflare using?