openssl 1.1.1 is final: /news/openssl-1.1.1-notes.html
Chrome will support the final TLS 1.3 with Chrome 70 (October) and Firefox with version 63 (also October).
Maybe dev.ssllabs.com should switch also from draft 28 to final?
it looks like htbridge just rolled out support for (actual, not draft) TLS 1.3 on their server test today.
dev.ssllabs.com version 1.32.6
Now support TLS 1.3 RFC 8446 for Server Test.
For Client Test, TLS 1.3 RFC 8446 and draft versions
the test doesn't seem to detect cipher suite preferences for TLS 1.3 (always says the server has no preference, while the handshake simulation section shows otherwise).
it also fails to detect a server's cipher suite preference for TLS 1.2 if a server is configured with only AES 256 GCM and ChaCha20, in that order, with OpenSSL's PrioritizeChaCha option enabled. it says the server has no preference, but the handshake simulation section shows the server choosing AES 256 GCM for clients that have a preference order of AES 128 GCM > ChaCha20 > AES 256 GCM. if any other cipher suite is added after ChaCha20 in the server's cipher suite list, the test does correctly detect the server's preference order.
SSL Server Test: 256only.thinkindifferent.net (Powered by Qualys SSL Labs) shows both issues.
if the server had no preference for TLS 1.3, Chrome 70 / Win 10 would get TLS_AES_128_GCM_SHA256, but instead it gets TLS_AES_256_GCM_SHA384.
if the server had no preference for TLS 1.2, Firefox 49 / XP SP3 and Firefox 62 / Win 7 would both get TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, but instead they get TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.
also, www.ssllabs.com seems to have some IPv6 issue that dev.ssllabs.com doesn't.
Retrieving data ...