ronsor 13 hours ago

> TLS certificates… SSL is some old Java anachronism.

OpenSSL is still called OpenSSL. Despite "SSL" not being the proper name anymore, people are still going to use it.

By the way, TLS 1.3 is actually SSL v3.4 :)

throw20251220 13 hours ago | parent [-]

[flagged]

RijilV 12 hours ago | parent [-]

except of course on the wire, where it's wildly a mess.

TLS 1.3 version in the record header is 3.1 (that used by TLS 1.0), and later in the client version is 3.3 (that used by TLS 1.2). Neither is correct, they should be 3.4, or 4.0 or something incrementally larger than 3.1 and 3.3.

This number basically corresponds to the SSL 3.x branch from which TLS descended. There's a good website which visually explains this:

https://tls13.xargs.org/#client-hello/annotated

As for if someone is correct or whatever for calling out TLS 1.x as SSL 3.(x+1) IDK how much it really matters. Maybe they're correct in some nerdy way, like I could have called Solaris 3 as SunOS6 and maybe there were some artifacts in the OS to justify my feelings about that. It's certainly more proper to call things by their marketing name, but it's also interesting to note how they behave on the wire.
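The version fields described in the comment above, as an added example that is not part of the thread: a parser that reads the record-layer version, the ClientHello legacy version, and the versions offered in the `supported_versions` extension (type 43, RFC 8446 section 4.2.1) from a ClientHello. The sample record and the function names are constructed for illustration.

```python
import struct

SUPPORTED_VERSIONS = 43  # extension type, RFC 8446 section 4.2.1

def build_sample_client_hello() -> bytes:
    """Constructed minimal TLS 1.3-style ClientHello record (not a capture)."""
    ext_body = bytes([2]) + b"\x03\x04"              # version list: one entry, 0x0304
    exts = struct.pack("!HH", SUPPORTED_VERSIONS, len(ext_body)) + ext_body
    body = (b"\x03\x03"                               # legacy_version
            + bytes(32)                               # random (zeros, constructed)
            + b"\x00"                                 # empty session id
            + struct.pack("!H", 2) + b"\x13\x01"      # one cipher suite
            + b"\x01\x00"                             # null compression only
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def wire_versions(record: bytes) -> dict:
    """Return the three version fields a ClientHello carries on the wire."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        pos = 2 + 32                                          # legacy_version, random
        pos += 1 + body[pos]                                  # session id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher suites
        pos += 1 + body[pos]                                  # compression methods
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        offered = []
        while pos + 4 <= min(end, len(body)):                 # walk the extensions
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            if etype == SUPPORTED_VERSIONS and data:          # 1-byte list length first
                stop = min(1 + data[0], len(data)) - 1
                offered = [tuple(data[i:i + 2]) for i in range(1, stop, 2)]
            pos += 4 + elen
    except (IndexError, struct.error):
        raise ValueError("malformed ClientHello body")
    return {"record": tuple(record[1:3]), "legacy": tuple(body[0:2]), "offered": offered}
```

On the constructed sample, the record header reports 3.1 and the legacy version 3.3, while 3.4 appears only inside the extension.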

throw20251220 11 hours ago | parent [-]

it could be called bunny17.1 on the wire and it would change nothing: https://datatracker.ietf.org/doc/rfc8446/