On 21/06/18 10:44, John Jiang wrote: > If s_server doesn't use option -early_data, the NewSessionTicket won't > contain early_data extension, > and then in the second connection, s_client won't send early data even > option -early_data is used. > Right? Correct. > Is it possible to take s_client to send early data, even though the > server don't support 0-RTT. You can start s_server with the -early_data option and connect to it via s_client to get the session with the early_data extension in it. Then stop and restart s_server without the early_data extension. Start s_client and attempt to send early_data. The early_data will get rejected and a full handshake will occur instead. Or, another possibility is to do things as I originally suggested (so that s_client sends early data that the server accepts), but then use s_client *again* reusing the same session to send early data. The replay protection will kick in, and s_server will refuse the early data. Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
