Skip to content

Enable TLS 1.3 on FreeBSD System

Build TLSv1.3 System Support

OpenSSL 1.1.1 supports TLSv1.3, so we download the openssl 1.1.1 from the openssl official website and build it:

$ cd openssl-1.1.1
$ ./config --prefix=/xjail
$ make
$ doas make install

Test if it supports TLSv1.3

According to this blog, test if the openssl supports TLSv1.3:

$ /xjail/bin/openssl ciphers -s -v "ECDHE:!COMPLEMENTOFDEFAULT" | awk '/TLSv1.3/'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD

New Update: FreeBSD has imported OpenSSL 1.1.1 into the base system which supports TLS v1.3 now ! =>
Using TLS 1.3 FreeBSD and Upgrade System (maybe you upgrade to freebsd 13.0)



No Trackbacks


Display comments as Linear | Threaded

No comments

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.

Form options

Submitted comments will be subject to moderation before being displayed.