Handshake failure: TLSv1.3 early data?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



My public web servers shows several handshake failures daily due to
'TLSv1.3 early data', sometimes after a previous successful TLSv1.3
connection, but not always. 

I'm not currently attempting to handle any early data, I thought it was
disabled by default.  

Is there something I should be doing like using
SSL_CTX_set_allow_early_data_cb() to reject the early data?  Or setting
SSL_CTX_set_recv_max_early_data() to zero?

Maybe these errors are the result of bad client implementations and I
should just ignore them.  

Like all public servers, there are thousands of hacking attempts daily,
and other silly accesses, like why would anyone want to negotiate
protocol 0x0103 while also sending the EC Group extension?  

Angus




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux