Re: SSL: Accepting early data in TLSv1.3

Maxim Dounin
July 11, 2017 02:34PM
Hello!

On Tue, Jul 11, 2017 at 11:00:50AM -0700, Utkarsh Tewari wrote:

> Hello,
>
> I am using OpenSSL s_client to send early data during resumption over a
> TLS1.3 connection. However, the server rejects it as shown below.
>
>
> Reused, TLSv1.3, Cipher is TLS13-AES-128-GCM-SHA256
> Server public key is 2048 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> *Early data was rejected*
> SSL-Session:
> Protocol : TLSv1.3
> Cipher : TLS13-AES-128-GCM-SHA256
>
>
> Is there any way to accept early data on the server?

No. As of now, early data is not supported by nginx.

Note well that early data requires special handling and using it
implies different security guarantees from the protocol - notably,
there is no replay protection. If/when supported, early data will
not be enabled by default, but instead will require an explicit
configuration option to enable it.

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
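The reply's point that early data has no replay protection, as an added example that is not part of the original thread or of nginx: a toy origin handler sees the same early-data request delivered twice, with and without a guard. The `Early-Data: 1` request header and the 425 (Too Early) status are taken from RFC 8470, which postdates this thread; the `Account` class, the `/withdraw` path and the amounts are constructed for illustration.

```python
# Added example: origin-side guard for requests that arrived as TLS 1.3 early data.
# Assumption: the TLS terminator marks such requests with "Early-Data: 1" (RFC 8470).
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # methods with no side effects
TOO_EARLY = 425                            # RFC 8470: retry after the handshake


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)


class Account:
    """Constructed toy application with one state-changing endpoint."""

    def __init__(self, balance):
        self.balance = balance

    def handle(self, req, guard=True):
        early = req.headers.get("Early-Data") == "1"
        # The TLS layer cannot tell a replayed 0-RTT flight from the original,
        # so anything that changes state is refused until the handshake is done.
        if guard and early and req.method not in SAFE_METHODS:
            return TOO_EARLY
        if req.method == "POST" and req.path == "/withdraw":
            self.balance -= 10
        return 200


def deliver(account, req, copies, guard):
    """Deliver the same request `copies` times, as a duplicated 0-RTT flight would."""
    return [account.handle(req, guard) for _ in range(copies)]


if __name__ == "__main__":
    req = Request("POST", "/withdraw", {"Early-Data": "1"})  # constructed sample
    for guard in (False, True):
        acct = Account(100)
        print(guard, deliver(acct, req, 2, guard), acct.balance)
```

Without the guard the duplicated request is applied twice; with it, both copies are refused and the client is expected to resend once the full handshake has completed.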