Desktop: Question: TLSv1.3?

Does not this just depend on the underlying libraries that are used (presumably OpenSSL)? So depending on your OS, if you either have a distro that has an up-to-date OpenSSL it should work.

Or is this question only about Windows?

Or is this question only about Windows?

Oops, forgot to say that is is a question concerning the windows client.

This depends on openssl version used to compile, openssl on the server, and openssl version qt is compiled with.

Is there any update on this issue? The windows client still reports an outdated and unmaintained version of OpenSSL: Qt 5.11.1, OpenSSL 1.0.1h 5 Jun 2014
According to upstream, version 1.0.2 is the current LTS version of the 1.0 branch: https://www.openssl.org/source/

_"Note: The latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023. Our previous LTS version (1.0.2 series) will continue to be supported until 31st December 2019 (security fixes only during the last year of support). The 1.1.0 series is currently only receiving security fixes and will go out of support on 11th September 2019. All users of 1.0.2 and 1.1.0 are encouraged to upgrade to 1.1.1 as soon as possible. The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support and should not be used."_

The reason is Qt5:
https://github.com/nextcloud/desktop/blob/3384f7e28b80700bb0087d8471ebaa30edf346ed/src/libsync/syncengine.cpp#L827

which outputs at the moment:
Client version 2.5.2git Qt 5.11.3 SSL OpenSSL 1.0.1h 5 Jun 2014

But this week I will update the Qt version before releasing 2.5.2 and then we should get:
2.5.2 will be released this week with 5.11 but I will update the Qt version to 5.12 right after it so the daily builds will be up to date and tested with 5.12 before we can tag the 2.5.3 rc:
Client version 2.5.2git Qt 5.12.0 SSL OpenSSL 1.1.0h-fips 27 Mar 2018

Also because nowhere the client is being compiled and packaged with a version < 1.1:
https://github.com/nextcloud/desktop/blob/0e3a8856e59389c31cc064f18133876fbbff82b7/CMakeLists.txt#L186

@camilasan Excellent, thank you!

So that is done on Windows, you will find the updated version with Qt 5.12 for Windows on our daily builds since last Tuesday and tonight the first updated version Qt 5.12 for Linux.

• [x] Windows
• [x] Linux
• [ ] Mac OS

I downloaded the daily build, openssl is still a version that was released in 2014?!

Then the Qt update to OpenSSL 1.1 only happened on Linux. Can't find more info about it atm.

Client version 2.5.2git Qt 5.12.0 SSL OpenSSL 1.1.0h-fips 27 Mar 2018

My bad but I think this output is openSUSE doing only.

See https://bugreports.qt.io/browse/QTBUG-74315

How about MacOS Desktop client with TLS 1.3 support? the iOS version does support it already...

Also update the Windows Desktop Client, please.
It dos not work with a TLSv1.3 only Nextcloud Server setup........ June 2019

This is by the way not only related to macOS as it says in the labels.

Hey,

the latest Windows builds now support OpenSSL 1.1.1c with TLS 1.3 and report the correct version in the UI.
Since Qt 5.12.4 there is support and the outdated libraries can be removed. They were linked to Qt.

For details see here:
https://github.com/misch7/nextcloud-client-building

And here:
https://blog.qt.io/blog/2019/06/17/qt-5-12-4-released-support-openssl-1-1-1/

Latest daily build (not considered stable):
https://download.nextcloud.com/desktop/daily/Windows/Nextcloud-2.5.3.5731-daily-20190819-Release.exe

The next Windows release will be based on the library change 😼

I'm about to check for Linux and Mac too as soon as possible.

Thank you, issue resolved

@camilasan MacOS Client 2.6.0rc1 (build 20190907) still lists "Built from Git revision ef9315 on Sep 7 2019, 03:11:29 using Qt 5.9.2, OpenSSL 1.0.2r 26 Feb 2019." Is there any way to support TLS 1.3 (OpenSSL 1.1.1c) with the macos clients?

Does not work with standard nginx TLS1.3 directive from https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.0&config=modern

ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;

Standard ciphers used with config above

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256

I need to add ciphers manually that it works and enable TLSv1.2:

ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'kEECDH+ECDSA+AES256 kEECDH+ECDSA+AES128 kEECDH+AES256 kEECDH+AES128 +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !EXP !PSK !SRP !CAMELLIA !SEED';