Does anyone know when openssl 1.1.1 with tls 1.3 support will be available for SUSE 12 SP3 or later?
We want to get our NGINX web servers and Load balancers using TLS 1.3 as soon as possible. We know the browsers are still playing catch up but we want to be ready when they do.
NGINX TLS1.3 requirements: The TLSv1.3 parameter (1.13.0) works only when OpenSSL 1.1.1 built with TLSv1.3 support is used.
Current openssl version available on SP3 is 1.0.2j-60.24.1
Thanks
[QUOTE=cisaksen;52913]Does anyone know when openssl 1.1.1 with tls 1.3 support will be available for SUSE 12 SP3 or later?
We want to get our NGINX web servers and Load balancers using TLS 1.3 as soon as possible. We know the browsers are still playing catch up but we want to be ready when they do.
NGINX TLS1.3 requirements: The TLSv1.3 parameter (1.13.0) works only when OpenSSL 1.1.1 built with TLSv1.3 support is used.
Current openssl version available on SP3 is 1.0.2j-60.24.1
Thanks[/QUOTE]
Hi
Not sure if it would make it to SP4, if anything it would be just backported fixes etc. Let me ask my SUSE contacts.
See chaptre 9.6.5 of SLES15 release notes:
https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/#Packages.Modules
Again: SLE 15
Needs to SUSE 12 - 15 is not an option for us yet as there are too many changes that we will need to test before we rebuild our systems on 15. All of our systems were built on 12 SP0 and migrated up. To go to SUSE 15 would need a rebuild as was recommended from a SUSE webcast just a week or 2 ago.
Thanks though. Really need this to be in SP4 or just a upgrade in general. Either that or compile openssl separately and use it to compile nginx.
Hello cisaksen,
[QUOTE=cisaksen;52919]Needs to SUSE 12 - 15 is not an option for us yet as there are too many changes that we will need to test before we rebuild our systems on 15. All of our systems were built on 12 SP0 and migrated up. To go to SUSE 15 would need a rebuild as was recommended from a SUSE webcast just a week or 2 ago.
Thanks though. Really need this to be in SP4 or just a upgrade in general. Either that or compile openssl separately and use it to compile nginx.
[/QUOTE]
Malcolm has flagged the question, and I have raised the same internally.
Please do note that since TLS 1.3 is not yet finally approved, openssl 1.1.1 is also not yet released.
SUSE does currently plan to have openssl 1.1.1 support in :
Older SLE service packs are not currently in the planning to also get this …
SUSE aims to release a maintenance update to openssl 1.1.1 once it is also released by the openssl team upstream.
Hope this helps ?
Best regards
Hans
Hans that’s perfect, If it’s going to be in 12 SP4 and 15 eventually then we can at least plan for this.
Thanks much appreciated.
On Thu, 07 Jun 2018 15:54:02 +0000, cisaksen wrote:
[color=blue]
Hans that’s perfect, If it’s going to be in 12 SP4 and 15 eventually
then we can at least plan for this.Thanks much appreciated.[/color]
Glad to see that works out for you 
Thanks
Hans
Hello
I have exactly the same kind of question : teams here use SLES12 SP5 and ask when the TLS 1.3 will be supported by the Nginx installed.
For the moment, openssl is still in 1.0 version (1.0.2p-1.13) and nginx is 1.14.2-16.1.
Is there any chance to have an openssl 1.1.1 in SP5 soon ?
Regards
[QUOTE=frederic_peron;59500]Hello
I have exactly the same kind of question : teams here use SLES12 SP5 and ask when the TLS 1.3 will be supported by the Nginx installed.
For the moment, openssl is still in 1.0 version (1.0.2p-1.13) and nginx is 1.14.2-16.1.
Is there any chance to have an openssl 1.1.1 in SP5 soon ?
Regards[/QUOTE]
Hi and welcome to the Forum 
I spoke with my SUSE Contacts and they indicate the openssl-1_1 is there (since it’s a shared library can co-exist). Can you check to see if it is present in your active repositories?
Hi Frederic
Recently I created https://www.suse.com/support/kb/doc/?id=7024362 to help us all get an overview of the OpenSSL versions in SLES.
Hopefully it helps.
Best regards
Andreas
Thanks for your answer
I can see the libopenssl1_1 in directories but I was asking for the full cmd tool.
The fact is that some of us are waiting for a nginx supporting the TLS 1.3 which is not the case for the moment in SP5 (and I suppose it will not be the case till nginx is not compiled with openssl 1_1 ).