Handshake failure: TLSv1.3 early data?

Matt Caswell matt at openssl.org
Mon Mar 23 11:25:57 UTC 2020

On 23/03/2020 11:09, Angus Robertson - Magenta Systems Ltd wrote:
> My public web servers shows several handshake failures daily due to
> 'TLSv1.3 early data', sometimes after a previous successful TLSv1.3
> connection, but not always. 

Do you have specific error messages?

> I'm not currently attempting to handle any early data, I thought it was
> disabled by default.

It is. You don't need to do anything to disable early data.

> Maybe these errors are the result of bad client implementations and I
> should just ignore them.  

Possibly - but it would be good to see error messages.


> Like all public servers, there are thousands of hacking attempts daily,
> and other silly accesses, like why would anyone want to negotiate
> protocol 0x0103 while also sending the EC Group extension?  
> Angus

More information about the openssl-users mailing list