On 23/03/2020 12:06, Angus Robertson - Magenta Systems Ltd wrote: >>> My public web servers shows several handshake failures daily >>> due to 'TLSv1.3 early data', sometimes after a previous >>> successful TLSv1.3 connection, but not always. >> >> Do you have specific error messages? > > I seem to only report the state rather than an error once the socket is > closed, take a few hours to get some more failures with real errors. The state machine can (briefly) transition through the early data state even though early data is not being accepted, i.e. its there long enough to say "nothing to do here". So one explanation is that you're in that state when you hit the error - even though its nothing to do with early data itself. Matt
