Hi all,
since TLS 1.3 has been finalized and approved and Chrome and Firefox already support it. What is the status of tls 1.3 support in the seafile desktop and mobile clients?
3 Likes
Any news on this?
4 Likes
It’s been two years now…and still no TLSv1.3 support?
I’ve just set up my new seafile server today and the desktop client threw a “ssl handshake error”. After 1 hour of debugging i stumbled across the tls settings…
Adding TLS 1.2 support to nginx solved the issue.
Please add TLS1.3 support to seafile!
1 Like
Looking at Nextcloud QT seems to support it meanwhile.
“we’ve just released 2.6.1 RC1 which is built with Qt 5.12.5 and OpenSSL 1.1.1d on all platforms, so it features TLS 1.3 :-)” – https://github.com/nextcloud/desktop/issues/1419#issuecomment-544019354
since another year has passed…
@daniel.pan any news / plans to support TLSv1.3?
3 Likes
This is starting to be a serious issue, TLSv1.2 has serious security flaws by now. Please fix this asap.
3 Likes
Reference here.
@Jonathan When can we expect 1.3 to be included into sync and drive client?
Search for China and TLS 1.3 in Google. I am not so sure if this gets implemented 
1 Like
This would be really bad news for the long term security of seafile. I guess it is finally time to look for an alternative that has basic search capabilities and supports TLS 1.3 (and future versions). As much as a like seafile and appreciate all the work the team has done, missing tls 1.3+ support is a deal breaker…
You realize that the clients discussed in this thread are open source? ALL of them!
https://download.seafile.com/published/seafile-manual/home.md
To be honest, I would also find a statement of the developers interesting. TLS 1.3 with ESNI provides such a high value for privacy that it is almost completely blocked by the chinese national censorship tool, also known as the Great Firewall (GFW), see: https://www.zdnet.com/article/china-is-now-blocking-all-encrypted-https-traffic-using-tls-1-3-and-esni/. Therefore, it may also play a limited role in software development in China. But for the rest of the world it would certainly be a great improvement.
@daniel.pan @Jonathan Please provide us with a statement regarding TLS 1.3 implementation in sync and drive client.
Not commenting on this at all since 2018 raises questions in the community as you can see. Thanks in advance for implementing this soon.
@rdb Even if someone from the community would implement this, the chances of the code to be merged are low since (sadly) even the manual was closed for public community input and even back then it took sometimes month for a merge request to be noticed. This shouldn’t be an issue to implement in the clients and it is long overdue.
1 Like
The clients use Qt and libcurl.
Current status of clients on platforms:
sync client:
- Windows: not compatible to TLS 1.3. The build environment needs to be updated to newer version of Qt and libcurl. We’ll work on it before the end of this year. It’ll take some time since we need to migrate from Mingw to Visual Studio.
- macOS: need to upgrade Qt version. This will be done in the next version.
- Linux: use latest OS and libraries.
SeaDrive client:
- Windows: 2.0 is compatible with TLS 1.3
- macOS: need to upgrade Qt version. This will be done in the next version.
- Linux: use latest OS and libraries.
5 Likes
Seafile Sync Client 8.0 now supports TLS 1.3: Seafile sync client 8.0.0 (beta) is released!
With the most recent Mac client 9.0.5 (m1) I get SSL handshake failed when trying to connect to a TLS 1.3 only server.
The official build for Qt uses native but old TLS library from macOS, which doesn’t support TLS 1.3 unfortunately. Windows build uses OpenSSL so it’s long been supported.
What is the status of the Mac client regarding support of TLS v1.3?
Good news, apparently it will be part of the next update! See here: Desktop syncing client for Mac cannot access my public instance of Seafile on Docker - #6 by Jonathan
Haven’t found a release date for 9.0.7 yet, though.
Noticed 9.0.7 has been released today! Has anyone verified whether it fixes TLS on the Mac Client?