Jan Prachař
December 14, 2018 06:18AM
On Fri, 2018-12-14 at 02:42 +0300, Sergey Kandaurov wrote:
> > On 6 Dec 2018, at 19:20, Jan Prachař <jan.prachar@gmail.com> wrote:
> >
> > On Thu, 2018-12-06 at 18:13 +0300, Sergey Kandaurov wrote:
> > > > On 6 Dec 2018, at 02:39, Honza Prachař <jan.prachar@gmail.com> wrote:
> > > >
> > > > Hello! FYI there is an issue with TLS 1.3 Early data in OpenSSL –
> > > > https://github.com/openssl/openssl/issues/7757
> > > >
> > > > So maybe you would want to consider ignoring Early data with HTTP/2
> > > > and OpenSSL. Or try to fix the problem on the nginx side, i.e. do
> > > > not call SSL_read_early_data() until all pending data is written
> > > > with SSL_write_early_data().
> > >
> > > Hello.
> > >
> > > This is not strictly related to HTTP/2.
> > > I could reproduce it with s_client -early_data over HTTP/1.1,
> > > where 1st request is sent in 0-RTT, and 2nd - after handshake.
> > >
> > > This quick workaround helped me. The idea is that we block reading
> > > if SSL_write_early_data returned SSL_ERROR_WANT_WRITE, until one of
> > > the next SSL_write_early_data will succeed. In practice, we won't
> > > read until there's also no more data to send. For static content,
> > > that means that we will continue to read only after the whole file
> > > was sent. This doesn't look perfect but seems to work.
> >
> > This patch works for me too. SSL_read_early_data waits until all
> > requested files are sent. Then the handshake is finished.
>
> Thanks.
> It would be nice if you could also try this patch instead.
> Unlike the previous one, this one is closer to what would be committed.

I can confirm that the provided patch works for me.

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
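
The read gating described in the quoted workaround, as an added model that is not part of the thread and is not the nginx patch. The names conn_write_early, conn_read_early, the transport hooks and the IO_* codes are hypothetical; a fake transport stands in for OpenSSL so the logic runs offline.

```c
#include <stddef.h>
/* Model-only result codes; they stand in for SSL_get_error() outcomes. */
enum io_result { IO_OK, IO_WANT_WRITE, IO_DEFERRED };

/* Hypothetical hooks; a real server would wrap SSL_write_early_data()
 * and SSL_read_early_data() here. */
struct transport {
    enum io_result (*write_early)(void *ctx, const char *buf, size_t len);
    enum io_result (*read_early)(void *ctx);
    void *ctx;
};
struct conn { struct transport t; int write_blocked; };

/* Send early data and remember whether the write is still unfinished. */
enum io_result conn_write_early(struct conn *c, const char *buf, size_t len)
{
    enum io_result r = c->t.write_early(c->t.ctx, buf, len);
    c->write_blocked = (r == IO_WANT_WRITE);
    return r;
}

/* Defer the read, without touching the transport, while a write is pending. */
enum io_result conn_read_early(struct conn *c)
{
    if (c->write_blocked) return IO_DEFERRED;
    return c->t.read_early(c->t.ctx);
}

/* Constructed fake transport: the first `stalls` writes report WANT_WRITE. */
struct fake { int stalls; int reads; };

static enum io_result fake_write(void *p, const char *buf, size_t len)
{
    struct fake *f = p;
    (void)buf; (void)len;
    return f->stalls-- > 0 ? IO_WANT_WRITE : IO_OK;
}

static enum io_result fake_read(void *p) { ((struct fake *)p)->reads++; return IO_OK; }

int main(void)
{
    struct fake f = { 1, 0 };
    struct conn c = { { fake_write, fake_read, &f }, 0 };
    conn_write_early(&c, "a", 1);                       /* stalls */
    if (conn_read_early(&c) != IO_DEFERRED) return 1;   /* read is held back */
    conn_write_early(&c, "a", 1);                       /* completes */
    return conn_read_early(&c) == IO_OK ? 0 : 1;
}
```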