docker image doesn't support tls 1.3 #7000

richvdh · 2020-02-26T23:41:21Z

for some reason, we build the docker image against libressl rather openssl, and libressl don't yet support tls1.3: libressl/portable#228.

That means that any docker-based synapse is going to fail to talk to a server which requires tls1.3 - which is becoming increasingly common.

richvdh · 2020-02-26T23:45:39Z

(also worth noting here that because the docker image is based on alpine linux, we cannot use the manylinux cryptography wheels which use a statically-linked openssl)

maquis196 · 2020-07-12T09:10:44Z

testing today, not sure this is a problem anymore;

`
openssl s_client -connect localhost:8448 -tls1_3

Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
`
Was going to look at replacing libressl with openssl in our alpine dockerfile but alas, the above works. (tested with - Digest: sha256:71ee09081211)

richvdh · 2020-08-06T17:53:11Z

testing today, not sure this is a problem anymore;

I'm not quite sure how that happened, but either way it should have been fixed by #7839.

This was referenced Feb 26, 2020

Update the dockerfile to be Debian based, not Alpine based #6373

Closed

Supporting TLS 1.3 matrix-org/matrix-federation-tester#97

Closed

neilisfragile added z-p2 (Deprecated Label) A-Docker Docker images, or making it easier to run Synapse in a container. labels Mar 9, 2020

richvdh closed this as completed Aug 6, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

docker image doesn't support tls 1.3 #7000

docker image doesn't support tls 1.3 #7000

richvdh commented Feb 26, 2020

richvdh commented Feb 26, 2020

maquis196 commented Jul 12, 2020

richvdh commented Aug 6, 2020

docker image doesn't support tls 1.3 #7000

docker image doesn't support tls 1.3 #7000

Comments

richvdh commented Feb 26, 2020

richvdh commented Feb 26, 2020

maquis196 commented Jul 12, 2020

richvdh commented Aug 6, 2020