Re: Why was early data rejected?

Matt Caswell <matt@xxxxxxxxxxx> wrote on Wed, Sep 12, 2018 at 4:16 PM:


On 12/09/18 08:07, John Jiang wrote:
> I just built OpenSSL 1.1.1 on MacOSX.
> Tried 0-RTT, with commands like the following:
> openssl s_server -cert server.cer -key server.key -tls1_3 -early_data
> -accept 9443
> ...
> openssl s_client -CAfile ca.cer -tls1_3 -sess_in openssl.sess
> -early_data data -connect localhost:9443
>
> s_client reported
> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384

The "New" here means that the resumption attempt failed. Successful
resumption is a pre-requisite for early data. How did you create
"openssl.sess"?
openssl s_client -CAfile ca.cer -tls1_3 -sess_out openssl.sess -connect localhost:9443
 
I just re-tried my test case.
Re-started s_server and did two connections. The second connection reported:
Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was rejected
Verify return code: 0 (ok)

It looks like the session was resumed, but early data was still rejected.


Matt


> ...
> Early data was rejected
> Verify return code: 0 (ok)
>
> What's wrong with my testing?
>
>
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
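
A small triage helper for the two status lines this thread turns on, the `New`/`Reused` handshake summary and the `Early data was ...` line. It is an added example, not part of the original messages; the function name `classify_s_client` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify `openssl s_client` output by
# the handshake summary line and the early data status line.

# Constructed sample: first attempt, where the summary line says "New".
SAMPLE_NEW='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Early data was rejected
Verify return code: 0 (ok)'

# Constructed sample: second attempt, resumed but early data rejected.
SAMPLE_REUSED_REJECTED='Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Early data was rejected
Verify return code: 0 (ok)'

# Constructed sample: what a successful 0-RTT attempt would report.
SAMPLE_ACCEPTED='Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Early data was accepted
Verify return code: 0 (ok)'

# classify_s_client: read s_client output on stdin, print one verdict word.
classify_s_client() {
    awk '
        # Handshake summary line: "New, ..." or "Reused, ..."; keep the first.
        /^(New|Reused), / && state == "" { state = $1; sub(/,$/, "", state) }
        # Early data status line: accepted / rejected / "not sent".
        /^Early data was / && early == "" {
            early = $0; sub(/^Early data was /, "", early); gsub(/ /, "-", early)
        }
        END {
            if (state == "")    { print "no-handshake-summary"; exit }
            if (early == "")    early = "unknown"
            # Resumption is a prerequisite for early data, so report it first.
            if (state == "New") { print "not-resumed"; exit }
            print "resumed-early-data-" early
        }'
}
```

Pipe captured output into it, for example `openssl s_client ... 2>&1 | classify_s_client`, to tell a failed resumption apart from a resumed session whose early data was rejected.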