[openssl-users] Why was early data rejected?
John Jiang
john.sha.jiang at gmail.com
Wed Sep 12 08:34:36 UTC 2018
Matt Caswell <matt at openssl.org> 于2018年9月12日周三 下午4:16写道:
>
>
> On 12/09/18 08:07, John Jiang wrote:
> > I just build OpenSSL 1.1.1 on MacOSX.
> > Tried 0-RTT, and the commands like the followings,
> > openssl s_server -cert server.cer -key server.key -tls1_3 -early_data
> > -accept 9443
> > ...
> > openssl s_client -CAfile ca.cer -tls1_3 -sess_in openssl.sess
> > -early_data data -connect localhost:9443
> >
> > s_client reported
> > New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
>
> The "New" here means that the resumption attempt failed. Successful
> resumption is a pre-requisite for early data. How did you create
> "openssl.sess"?
>
openssl s_client -CAfile ca.cer -tls1_3 -sess_out openssl.sess -connect
localhost:9443
I just re-tried my test case.
Re-started s_server and did two connection. The second connection reported:
Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was rejected
Verify return code: 0 (ok)
It looks the session was resumed, but early data still was rejected.
> Matt
>
>
> > ...
> > Early data was rejected
> > Verify return code: 0 (ok)
> >
> > What's wrong with my testing?
> >
> >
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180912/1e0f58e6/attachment.html>
More information about the openssl-users
mailing list