💾 Archived View for rawtext.club › ~sloum › geminilist › 007539.gmi captured on 2021-11-30 at 19:37:34. Gemini links have been rewritten to link to archived content


Request for feedback from server/client implementers using non-OpenSSL TLS stacks

Solderpunk solderpunk at posteo.net

Sun Nov 7 16:07:05 GMT 2021

- - - - - - - - - - - - - - - - - - - 

Howdy all,

When I started Gemini I dearly wanted to specify that TLS 1.3 be the minimum allowed version of TLS. However, I didn't because at that time TLS 1.3 was still not very widely implemented and I did not want to basically make it a requirement that all Gemini implementations rely on OpenSSL. In particular, I didn't want to exclude the possibility of using LibreSSL instead. So, instead I required 1.2 or above and left lots of caveats in the spec to make my feelings clear.

I have checked in on this issue for the first time in a while, and at least according to the English Wikipedia's "Comparison of TLS implementations", TLS 1.3 is now supported by OpenSSL, LibreSSL, GnuTLS and wolfSSL, and is "experimentally" supported by Mbed TLS (these last two are of somewhat special interest/appeal as they target embedded systems and so are much more lightweight than traditional TLS stacks). This gives me some glimmer of hope that as part of the spec finalisation we could actually require 1.3 or above as I always wished.

But I realise that there's potentially a lot of difference between a green box on a Wikipedia page and actual practical, compatible real world implementation. So I would like to ask authors of Gemini servers or clients which use a TLS stack other than OpenSSL whether or not they have encountered any problems actually using TLS 1.3.

I would also like to ask anybody who runs a Gemini indexer/crawler who might have the data at hand if they can provide us with some kind of statistics on the current real-world Gemini TLS version landscape.

Cheers,
Solderpunk
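The two things the post asks for, enforcing "TLS 1.3 or above" on the server side and measuring which version a client actually negotiates, are both a one-line matter in Go's crypto/tls. The following is an added example written for this archive page; it is not code from Solderpunk or from any Gemini project. It assumes a hypothetical host name "gemini.example", constructs a throwaway self-signed certificate in memory so it runs offline, and uses net.Pipe instead of a socket. It runs the same server (MinVersion set to TLS 1.3) against a client that offers TLS 1.3 and against one capped at TLS 1.2, emulating a stack that has not implemented 1.3 yet, and reports what each gets.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway ECDSA P-256 cert in memory (demo only).
func selfSignedCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// ServerConfig is what a Gemini server sets to require TLS 1.3 or above.
// Session tickets are disabled only because the synchronous in-memory pipe
// below must not carry unread post-handshake data; a real server can keep them.
func ServerConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS13,
		SessionTicketsDisabled: true,
	}
}

// Probe runs one handshake against ServerConfig over net.Pipe and returns the
// negotiated version. clientMax caps what the client offers. Verification is
// skipped because the cert is self-signed (Gemini clients pin by TOFU anyway).
func Probe(cert tls.Certificate, clientMax uint16) (uint16, error) {
	cConn, sConn := net.Pipe()
	defer cConn.Close()
	defer sConn.Close()
	cConn.SetDeadline(time.Now().Add(5 * time.Second)) // never hang on a bug
	sConn.SetDeadline(time.Now().Add(5 * time.Second))
	srvErr := make(chan error, 1)
	go func() { srvErr <- tls.Server(sConn, ServerConfig(cert)).Handshake() }()
	cli := tls.Client(cConn, &tls.Config{
		ServerName:         "gemini.example", // hypothetical host name
		InsecureSkipVerify: true,
		MaxVersion:         clientMax,
	})
	if err := cli.Handshake(); err != nil {
		cConn.Close() // unblock the server goroutine before collecting its error
		<-srvErr
		return 0, err
	}
	if err := <-srvErr; err != nil {
		return 0, err
	}
	return cli.ConnectionState().Version, nil
}

// Outcome: what a TLS 1.3 client negotiates, and what a TLS 1.2-only client gets.
type Outcome struct {
	With13Client uint16 // expected 0x0304, i.e. tls.VersionTLS13
	With12Error  error  // non-nil: the server refused the older client
}

func RunDemo() (Outcome, error) {
	cert, err := selfSignedCert("gemini.example")
	if err != nil {
		return Outcome{}, err
	}
	v13, err := Probe(cert, tls.VersionTLS13)
	if err != nil {
		return Outcome{}, err
	}
	_, err12 := Probe(cert, tls.VersionTLS12)
	return Outcome{With13Client: v13, With12Error: err12}, nil
}

func main() {
	out, err := RunDemo()
	fmt.Printf("setup error: %v\nTLS 1.3 client negotiated %#04x\nTLS 1.2-only client: %v\n",
		err, out.With13Client, out.With12Error)
}
```

For the crawler statistics the post asks about, the same measurement applies to a real socket: wrap the dialled net.Conn with tls.Client, call Handshake, and record ConnectionState().Version per host; a client built the way Probe is (MinVersion left at the default, no MaxVersion) will tally how many capsules still negotiate 1.2. The TLS 1.2-only run shows the other side of a 1.3-minimum rule: the server answers the ClientHello with a protocol_version alert and the handshake fails, which is exactly what a client on a stack without TLS 1.3 would see from a server that adopts the stricter minimum.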