Feature request: Support for TLS 1.3?

[ealashwali]

If I compile the code using TLS 1.3 supporting library, does tls-scan recognises TLS 1.3?

[ealashwali]

I will appreciate letting me know whether this feature can be added in the mean time, or not.

[prbinu]

i can give it a shot. give me a week.

[ealashwali]

Thank you. The OpenSSL version that supports TLS 1.3 is: OpenSSL 1.1.1a. If you could add the compilation script also, that would be great. The config command that worked with me in previous compilation script to support my need for DES ciphers but disable SSL 3is: ./Configure darwin64-x86_64-cc enable-static-engine enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-rfc3779 enable-ssl-trace disable-ssl3 enable-ssl3-method enable-zlib no-shared --prefix=${OUTDIR} --openssldir=${OUTDIR}/ssl However, I enable-ssl3-method because it seems that the code relies on it somewhere. If this option is disables, I get compilation error. Possibly, due to some SSL 3 ciphesuites (as the versions and ciphersuites are two separate things). I do not prefer to comment out the code that relies on it as I am not sure if this will make me miss SSL 3 ciphersuites. I am happy with the above config and it did the purpose as I need. I just need TLS 1.3.

[prbinu]

Try this: https://github.com/prbinu/tls-scan/blob/master/build-x86-64-openssl-1.1.1.sh

The above script builds tls-scan with TLS-1.3 support Tested on Ubuntu-16.04