[openssl-commits] [openssl] master update
Matt Caswell
matt at openssl.org
Mon Jul 23 08:37:16 UTC 2018
The branch master has been updated
via b5cd751c695602cba4fbe67e590fc8112bf5d8fa (commit)
from 8fc4aeb9521270ac74b29ce7f569939b0b39e685 (commit)
- Log -----------------------------------------------------------------
commit b5cd751c695602cba4fbe67e590fc8112bf5d8fa
Author: Matt Caswell <matt at openssl.org>
Date: Wed Jul 18 15:22:06 2018 +0100
Add a note about aborts encountered while sending early_data
In some circumstances it is possible for a client to have a session
reporting a max early data value that is greater than the server will
support. In such cases the client could encounter an aborted connection.
Fixes #6735
Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/6740)
-----------------------------------------------------------------------
Summary of changes:
doc/man3/SSL_read_early_data.pod | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/doc/man3/SSL_read_early_data.pod b/doc/man3/SSL_read_early_data.pod
index 27c127d..9769aa7 100644
--- a/doc/man3/SSL_read_early_data.pod
+++ b/doc/man3/SSL_read_early_data.pod
@@ -267,6 +267,19 @@ Nagle's algorithm. If an application opts to disable Nagle's algorithm
consideration should be given to turning it back on again after the handshake is
complete if appropriate.
+In rare circumstances, it may be possible for a client to have a session that
+reports a max early data value greater than 0, but where the server does not
+support this. For example, this can occur if a server has had its configuration
+changed to accept a lower max early data value such as by calling
+SSL_CTX_set_recv_max_early_data(). Another example is if a server used to
+support TLSv1.3 but was later downgraded to TLSv1.2. Sending early data to such
+a server will cause the connection to abort. Clients that encounter an aborted
+connection while sending early data may want to retry the connection without
+sending early data as this does not happen automatically. A client will have to
+establish a new transport layer connection to the server and attempt the SSL/TLS
+connection again but without sending early data. Note that it is inadvisable to
+retry with a lower maximum protocol version.
+
=head1 REPLAY PROTECTION
When early data is in use the TLS protocol provides no security guarantees that
More information about the openssl-commits
mailing list