My public web servers shows several handshake failures daily due to 'TLSv1.3 early data', sometimes after a previous successful TLSv1.3 connection, but not always. I'm not currently attempting to handle any early data, I thought it was disabled by default. Is there something I should be doing like using SSL_CTX_set_allow_early_data_cb() to reject the early data? Or setting SSL_CTX_set_recv_max_early_data() to zero? Maybe these errors are the result of bad client implementations and I should just ignore them. Like all public servers, there are thousands of hacking attempts daily, and other silly accesses, like why would anyone want to negotiate protocol 0x0103 while also sending the EC Group extension? Angus
