Handshake failure: TLSv1.3 early data?

Angus Robertson - Magenta Systems Ltd angus at magsys.co.uk
Mon Mar 23 19:42:00 UTC 2020


> Is it possible the browsers are trying to send early data?
 
I doubt it. I was not reporting the error; trying to report errors
before they disappear with clean-up code is an art, and does not always
work, so mostly I now see:

error:00000000:lib(0):func(0):reason(0), State: TLSv1.3 early data,
connection closed unexpectedly 

but sometimes 

error:140E0197:SSL routines:SSL_shutdown:shutdown while in init, State:
SSL negotiation finished successfully

But only four failures are logged on the live server so far; there will
be more handshake failures overnight that might be more helpful.

Suspect the real issue is simply the client abandoning the connection,
and different places leave different errors.  Some failures are obvious
like TLSv1 which is disabled on the server.  

But I was worried our TLSv1.3 implementation was missing something
important.  Read a lot about early data, but not really why anyone uses
it in practice, if it is used. Quite content to continue to ignore
early data.    

Angus
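
Added example, not part of the original message and not OpenSSL or ICS code: a small triage script for log lines in the shape quoted above. It unpacks the 8-digit error code and groups failures by reason and handshake state; a code of 00000000 is what ERR_get_error() returns when the queue is already empty, so for those lines the state string is the only evidence left. The function names are hypothetical, the line format is inferred from the two quoted lines, and the bit layout assumes OpenSSL 1.1.1's ERR_PACK (8-bit library, 12-bit function, 12-bit reason).

```python
import re
from collections import Counter

# The two log lines quoted in the message, each rejoined onto one line.
SAMPLE_LOG = [
    "error:00000000:lib(0):func(0):reason(0), State: TLSv1.3 early data, "
    "connection closed unexpectedly",
    "error:140E0197:SSL routines:SSL_shutdown:shutdown while in init, State: "
    "SSL negotiation finished successfully",
]

# Assumed format: OpenSSL error string, then ", State: <state>[, <note>]".
LINE_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^,]*)"
    r",\s*State:\s*(?P<state>[^,]+)(?:,\s*(?P<note>.*))?$"
)

def unpack(code):
    """Split a packed code into (lib, func, reason); OpenSSL 1.1.1 layout assumed."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse(line):
    """Return a dict describing one log line, or None if it does not match."""
    m = LINE_RE.search(line.strip())
    if m is None:
        return None
    code = int(m.group("code"), 16)
    lib, func, reason = unpack(code)
    return {
        "lib": lib, "func": func, "reason": reason,
        "reason_text": m.group("reason").strip(),
        "queue_empty": code == 0,   # nothing was left in the error queue
        "state": m.group("state").strip(),
        "note": (m.group("note") or "").strip(),
    }

def triage(lines):
    """Count failures per (reason, handshake state) so nightly logs can be compared."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            counts[("unparsed", "")] += 1
            continue
        reason = "no queued error" if rec["queue_empty"] else rec["reason_text"]
        counts[(reason, rec["state"])] += 1
    return counts

if __name__ == "__main__":
    for (reason, state), n in triage(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {reason}  [{state}]")
```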



More information about the openssl-users mailing list