We should attempt to enable the TLS 1.3 code contained in NSS, as soon as possible. (This isn't about enabling the protocol by default; rather, it's about building the code, so application could enable it, if they want to.)
Here is a COPR repo with NSS builds that enable TLS 1.3. https://copr.fedorainfracloud.org/coprs/kengert/nss-with-tls-1.3/ The builds are based on the most recently released builds for Fedora, and only flip the switch to enable support for TLS 1.3, no other changes. The builds will always append something like .1.with_tls1_3 at the end of the regular release version, so it's easy to distinguish them. Because of that numbering, any later official build should always override these experimental packages. It would be good if Fedora packagers tried to use these NSS packages, and check if they cause any problems for their own package.
I have successfully deployed and tested FreeIPA with the TLS 1.3-enabled NSS from Kai's COPR. All components work as expected. The test covers 389-DS, libldap, Dogtag (JSS, TomcatJSS), mod_nss, libcurl and python-nss. mod_nss is configured with TLS 1.0 to 1.2 support. $ rpm -qa nss freeipa-server nss-3.29.3-1.3.0.1.with_tls1_3.fc26.x86_64 freeipa-server-4.4.3-8.fc26.x86_64
Installation on Fedora 25 was successful, too. # rpm -qa freeipa-server nss nss-3.29.3-1.1.0.1.with_tls1_3.fc25.x86_64 freeipa-server-4.4.4-1.fc25.x86_64
nss-3.30.2-1.1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-e504c7cb8f
nss-3.30.2-1.1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b2bcf2658d
nss-3.30.2-1.1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-e504c7cb8f
nss-3.30.2-1.1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-b2bcf2658d
These updates have been in updates-testing for 10 days. I suggest to push them to stable.
nss-3.30.2-1.1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
nss-3.30.2-1.1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
Closing this, as the update has been in release branches for a while (except f24, which is on purpose).