TLS 1.3 approved by IETF

Not deployable yet. Packages like OpenSSL need updates

https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/

Their master branch has TLS 1.3 development code for testing purposes.

I 've compiled on ubuntu openvpn 2.5_git with openssl 1.1.1-pre5-dev... would it be possible to have of openssl/openvpn with tls 1.3 support?

You might be able to just change the package Makefile reference to the source version.

Personally, I wouldn't risk the possibility that an early development version has either glaring security holes or functionality problems (like crashes) in the new code or that the new code "breaks" long-existing functionality in anything but a development environment.

yes ... I tried to change the Makefile ... what I meant shouldn't we have a 'bleeding edge' branch with the latest of all packages ... which gives a chance to everyone test / check back doors etc but also show how innovative we are ?

The pull request queue, dev mailing lists and the staging repos of core devs serve a bit like the ultimate bleeding edge test branches...

Feel free to author the version update for Makefile and related config & patches, and once it works ok for you, issue a pull request for getting that adopted into the master.

When 1.1.1 is released, it will/might get accepted. Meanwhile, you can use and test that in your own source tree for your own builds. And once you have authored that PR, others can test your version and give feedback.

But generally the master, out bleeding edge, is still based on released upstream packages, so usually there aren't any pre-release versions of core upstream packages in the main master branch.

Just keep in mind that the bulk of the required porting effort isn't updating the openssl/ libssl package, but making all its users compile and work against/ with it.