<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jul 31, 2017 at 9:43 AM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Apologies for the delayed response - I've been away on holiday. Comments<br>
inserted below.<br></blockquote><div><br></div><div><br></div><div>No problem thanks for the replies </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Matt<br>
<br>
<br>
On 26/07/17 00:05, Neetish Pathak wrote:<br>
>> *Pseudocode for server*<br>
>> *<br>
>> *<br>
>> tcp_accept<br>
>> *<br>
>> *<br>
>> read_early{<br>
>><br>
>> if(read_early_success){<br>
>> write_early(data)<br>
>> }<br>
>> }<br>
<br>
There is a bit of complexity here (covered in the docs), i.e.<br>
SSL_read_early_data() may return SSL_READ_EARLY_DATA_SUCCESS or<br>
SSL_READ_EARLY_DATA_FINISH. In the latter case this is still a success,<br>
but the server may or may not be able to write early data. I assume that<br>
you have covered that in your actual code and it's just skimmed over<br>
here in your pseudo code.<br></blockquote><div><br></div><div><font color="#ff0000"><br></font></div><div><font color="#ff0000">So, I consider read_early_sucess when SSL_read_early_data() returns SSL_READ_EARLY_DATA_FINISH. Also, I check that early data was accepted before declaring success. Look at the case checks below</font></div><div>
<p class="gmail-p1"><font color="#ff0000"><span class="gmail-s1"><b>case</b></span> SSL_READ_EARLY_DATA_SUCCESS:</font></p><p class="gmail-p1"><font color="#ff0000"><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span> totalBytes += readBytes;</font></p><p class="gmail-p1"><span class="gmail-s1"><font color="#ff0000">
</font></span></p><p class="gmail-p2"><font color="#ff0000"><span class="gmail-s2"><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span></span><b> break</b><span class="gmail-s2">;</span></font></p><p class="gmail-p1"><span class="gmail-s1"><b><font color="#ff0000"><br></font></b></span></p><p class="gmail-p1"><font color="#ff0000"><span class="gmail-s1"><b>case</b></span> SSL_READ_EARLY_DATA_FINISH:</font></p>
<p class="gmail-p1"><font color="#ff0000"><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span> totalBytes += readBytes;</font></p>
<p class="gmail-p1"><font color="#ff0000"><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-s1"><b> if</b></span> (SSL_EARLY_DATA_ACCEPTED == SSL_get_early_data_status(<span class="gmail-s1"><b>this</b></span>->conn) && totalBytes > 0) {</font></p>
<p class="gmail-p1"><font color="#ff0000"><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span> readBuf = string(readBuffer);</font></p>
<p class="gmail-p1"><font color="#ff0000"><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-s1"><b> return</b></span> SUCCESS;</font></p>
<p class="gmail-p1"><font color="#ff0000"><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span><span class="gmail-Apple-tab-span"></span> }</font></p><p class="gmail-p1"><font color="#ff0000"><br></font></p><p class="gmail-p1"><font color="#ff0000">So, are you suggesting that early data may not be written from the server side if SSL_READ_EARLY_DATA_FINISH is received. Should I try writing before that (as in when SSL_READ_EARLY_DATA_SUCCESS is received )</font></p></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="gmail-"><br>
<br>
>> 2) Why does the server not send data (for early write) after the<br>
>> server Hello(and other encrypted message) message even when<br>
>> early_write succeeds on server side. Why does server wait to<br>
>> finish the handshake. I know it waits because I see client sending<br>
>> encrypted messages after server hello message before my intended<br>
>> application data gets sent from server. These encrypted messages<br>
>> from the client side are the usual messages from the client side<br>
>> for handshake completion.<br>
>><br>
><br>
> From a quick look through the state machine code, this is supposed<br>
> to work. But someone would probably have to instrument the code<br>
> (e.g., with printf) to tell why the delay is being introduced. I<br>
> don't think I have the availability to do so in the near future, myself.<br>
><br>
><br>
><br>
> I see that the application data is not being sent from server to an<br>
> unauthenticated client. The server is sending data only after receiving<br>
> some encrypted message which I believe is the EndOfEarlyData and<br>
> Finished messages. Following is a dump of wireshark logs for the<br>
> communication with early data enabled. I also tried with some logs in<br>
> Openssl libraries, I see early data gets written from server side when<br>
> write_early_data is called. Internally SSL_write_ex is called which<br>
> completes write and handshake. But I am not sure why application data is<br>
> not actually pushed from the server side. It is waiting for the Client<br>
> finished message.<br>
> I have disabled Nagle's algo during this operation.<br>
<br>
</span>Can you confirm whether you have disabled Nagle's algo on both the<br>
client *and* the server?`<br></blockquote><div><br></div><div><br></div><div><font color="#ff0000">Nagle's algorithm is disabled on both the client and the server side.</font></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="gmail-"><br>
<br>
><br>
> Client port is 56806 and server port is 12345<br>
><br>
><br>
> No. Time Source Destination<br>
> Protocol Length Info<br>
> 207 18.380298 ::1 ::1<br>
> TLSv1.3 956 Client Hello ----------------- Client Hello<br>
><br>
><br>
> No. Time Source Destination<br>
> Protocol Length Info<br>
> 208 18.380335 ::1 ::1<br>
</span>> TLSv1.3 2849 Application Data ------------------*Early Data<br>
> from the client side (Intended Application Data)*<br>
<span class="gmail-">> Transmission Control Protocol, Src Port: 56806, Dst Port: 12345, Seq:<br>
> 881, Ack: 1, Len: 2773<br>
><br>
> No. Time Source Destination<br>
> Protocol Length Info<br>
> 211 18.380624 ::1 ::1<br>
> TLSv1.3 219 Server Hello, Application Data, Application Data .<br>
> ------------Server Hello and (encrypted handshake message/extensions)<br>
> Transmission Control Protocol, Src Port: 12345, Dst Port: 56806, Seq: 1,<br>
> Ack: 3654, Len: 143<br>
><br>
> No. Time Source Destination<br>
> Protocol Length Info<br>
> 213 18.380819 ::1 ::1<br>
> TLSv1.3 160 Application Data, Application Data ------Encrypted<br>
</span>> handshake msg from client (*I believe they are end early data and finished*)<br>
<span class="gmail-">> Transmission Control Protocol, Src Port: 56806, Dst Port: 12345, Seq:<br>
> 3654, Ack: 144, Len: 84<br>
><br>
><br>
> No. Time Source Destination<br>
> Protocol Length Info<br>
> 215 18.381122 ::1 ::1<br>
> TLSv1.3 762 Application Data<br>
> Transmission Control Protocol, Src Port: 12345, Dst Port: 56806, Seq:<br>
> 144, Ack: 3738, Len: 686 -----I don't know why this application data<br>
> is sent from server. My guess is this is session info<br>
<br>
</span>It could be the NewSessionTicket message going from the server to the<br>
client. But if so that is a little strange. The NST message is only sent<br>
after the handshake is complete (so no more early data is possible). At<br>
this point SSL_read_early_data() should have returned<br>
SSL_READ_EARLY_DATA_SUCCESS, SSL_is_init_finished() will return true,<br>
and any calls to SSL_write_early_data() will fail.<br></blockquote><div><br></div><div><font color="#ff0000">Yes, here the handshake is completed. Will the new session ticket be sent each time after the handshake? In theTLS 1.3 draft, it is mentioned that new session tickets may be sent after server receives Finished from the client and it creates a unique association between the ticket value and a secret PSK derived from the resumption master secret. </font></div><div><font color="#ff0000">But looks like, I am receiving new session ticket every-time. So, as per the implementation, new session ticket is a must I guess. Am I right? When will I not receive new session ticket in TLS 1.3?</font></div><div><font color="#ff0000"><br></font></div><div><font color="#ff0000">Also, I believe it is different than how new session ticket works in TLS 1.2 where it was sent only once to share the encrypted ticket from the server side when the client indicates support for session tickets.</font></div><div><br></div><pre class="gmail-newpage" style="font-size:13.3333px;margin-top:0px;margin-bottom:0px;color:rgb(0,0,0)"> </pre><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">
<br>
<br>
><br>
><br>
> No. Time Source Destination<br>
> Protocol Length Info<br>
> 217 18.381210 ::1 ::1<br>
</span>> TLSv1.3 9917 Application Data ----------*Intended<br>
> Application Data that was intended to be early data *<br>
<span class="gmail-">> Transmission Control Protocol, Src Port: 12345, Dst Port: 56806, Seq:<br>
> 830, Ack: 3738, Len: 9841<br>
><br>
> No. Time Source Destination<br>
> Protocol Length Info<br>
> 219 18.381308 ::1 ::1<br>
> TLSv1.3 100 Application Data . ---------Application Data<br>
> from client (I also see this application data sent everytime, not sure why)<br>
> Transmission Control Protocol, Src Port: 56806, Dst Port: 12345, Seq:<br>
> 3738, Ack: 10671, Len: 24<br>
><br>
><br>
> No. Time Source Destination<br>
> Protocol Length Info<br>
> 220 18.381309 ::1 ::1<br>
> TLSv1.3 100 Application Data . ---------Application Data from<br>
> server (I also see this application data sent everytime, not sure why)<br>
<br>
</span>Perhaps these are close_notify alerts? Are you shutting down the<br>
connection cleanly at this point?<br></blockquote><div><br></div><div><font color="#ff0000">I am shutting down the connection from the client side. Server is up all the time for any new connection.</font></div><div><font color="#ff0000"><br></font></div><div><font color="#ff0000">Thanks</font></div><div><font color="#ff0000">Neetish</font></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div class="gmail-HOEnZb"><div class="gmail-h5"><br>
Matt<br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</div></div></blockquote></div><br></div></div>