Handshake failure: TLSv1.3 early data?
Angus Robertson - Magenta Systems Ltd
angus at magsys.co.uk
Mon Mar 23 19:42:00 UTC 2020
> Is it possible the browsers are trying to send early data?

I doubt it. I was not reporting the error; trying to report errors
before they disappear with clean-up code is an art, and does not always
work, so mostly I now see:

    error:00000000:lib(0):func(0):reason(0), State: TLSv1.3 early data, connection closed unexpectedly

but sometimes

    error:140E0197:SSL routines:SSL_shutdown:shutdown while in init, State: SSL negotiation finished successfully

But only four failures are logged on the live server so far; there will
be more handshake failures overnight that might be more helpful.

Suspect the real issue is simply the client abandoning the connection,
and different places leave different errors. Some failures are obvious,
like TLSv1, which is disabled on the server.

But I was worried our TLSv1.3 implementation was missing something
important. Read a lot about early data, but not really why anyone uses
it in practice, if it is used. Quite content to continue to ignore
early data.

Angus

More information about the openssl-users mailing list