Wednesday, August 9, 2017

Starting TLS 1.3 server with OpenSSL

At the moment the TLS 1.3 specification is still a draft, but OpenSSL already supports it. According to this blog post, the OpenSSL git master branch contains the project's development TLS 1.3 code, which can be used for testing purposes.

Here are the steps to build OpenSSL with TLS 1.3 and run a local server for testing.


Clone OpenSSL git master branch

git clone https://github.com/openssl/openssl

Configure and build OpenSSL with TLSv13 support

cd openssl
./config --debug enable-asan enable-tls1_3
make
make test
make install

The commands above configure and build OpenSSL with debug symbols, AddressSanitizer enabled, and TLS 1.3 support.

Create a certificate for TLS 1.3 server

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=Test TLSv13 server"

Start OpenSSL test server with TLS 1.3

openssl s_server -key key.pem -cert cert.pem -accept 11111 -www -tls1_3

Connect to TLS 1.3 server with OpenSSL s_client command

printf 'GET / HTTP/1.1\r\n\r\n' | openssl s_client -connect localhost:11111 -tls1_3
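
To confirm that the connection really negotiated TLS 1.3, the s_client summary line can be parsed. The script below is an added example, not part of the original post or of OpenSSL; the function names and the sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: check which protocol version s_client actually negotiated.

# Constructed, abridged s_client summaries (not captured from a real run;
# cipher names differ between OpenSSL builds).
SAMPLE_TLS13='CONNECTED(00000003)
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
---'
SAMPLE_TLS12='CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
---'
SAMPLE_FAIL='CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
---'

# Read s_client output on stdin and print "<protocol> <cipher>" from the
# handshake summary line. Prints nothing if that line is absent.
negotiated() {
    sed -n 's/^New, \([^,]*\), Cipher is \(.*\)$/\1 \2/p' | head -n 1
}

# Exit 0 only when the summary reports TLSv1.3; a failed handshake
# ("(NONE)") and an older protocol version both count as failure.
is_tls13() {
    case "$(negotiated)" in
        "TLSv1.3 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Hypothetical helper: probe the test server started above, e.g.
#   probe_tls13 localhost:11111
# stderr is dropped so only the summary on stdout is parsed.
probe_tls13() {
    printf 'GET / HTTP/1.1\r\n\r\n' |
        openssl s_client -connect "$1" -tls1_3 2>/dev/null | is_tls13
}
```

If the check fails against the local server, run openssl version to confirm that the shell is using the freshly built binary rather than a system copy.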