[openssl-users] How can I compile nginx with openssl to support 0-rtt TLS1.3

carabiankyi carabiankyi at gmail.com
Sat Dec 29 06:42:19 UTC 2018

Thanks for your advice.I get early data when I configure nginx ssl_early_data on.But I only get early data for get method.When using post method, the server terminate connection. Is it related with openssl? If so, how can I do to allow post method?

Sent from my Samsung Galaxy smartphone.
-------- Original message --------From: Michael Wojcik <Michael.Wojcik at microfocus.com> Date: 29/12/2018  12:46 a.m.  (GMT+06:30) To: openssl-users at openssl.org Subject: Re: [openssl-users] How can I compile nginx with openssl to support	0-rtt TLS1.3 
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of ???????? ????
> Sent: Friday, December 28, 2018 00:25

> I have an nginx web server compiled with openssl that support TLS 1.3.

What version of OpenSSL? Is it 1.1.1? The final version or an early release? Or 1.1.0, and if so, which letter release?

> But when I test with firefox Nightly browser, it does not send early data together with
> client hello packet.

This sounds like an nginx or Firefox question. I haven't experimented with 0-RTT, which I think was a bad idea in TLSv1.3 and have no interest in enabling in my applications; but as I understand it, you have to set some options in the SSL structure (or the SSL_CTX you use to create it) in order to enable 0-RTT. That means nginx will have to make the necessary OpenSSL API calls. It may not have support for that yet, or in whatever version of nginx you're running.

It's also possible that there's some issue with the Firefox build you're running and its 0-RTT support. My suspicion though is that nginx is not enabling 0-RTT in nginx.

Michael Wojcik
Distinguished Engineer, Micro Focus

openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181229/173bdac4/attachment-0001.html>

More information about the openssl-users mailing list