How to debug a TLSv1.3 protocol problem?
ca+ssl-users at esmtp.org
Wed May 20 12:44:13 UTC 2020
On Wed, May 20, 2020, Matt Caswell wrote:
> SSL_accept:TLSv1.3 early data
> What happens in the application code? What was the function being called
> (SSL_accept?) and what return value do you get? What does
> SSL_get_error() return at this point?
r = SSL_accept(srv_ssl);
if (r <= 0)
ssl_err = SSL_get_error(srv_ssl, r);
It seems to me server and client get "out of sync" at the I/O layer
if I understand the SSL traces correctly:
S8: sends 2 records at the end:
but seemingly not
Instead it sends only its own
then its handshake again
and only then it receives ChangeCipherSpec
and S8 seemingly tries to interprete the out-of-sync data as TLSv1.3
early data and fails, thus returning an error from SSL_accept().
If that analysis is correct (can someone check please?), then I
need to look at the I/O layers of both programs -- they are rather
More information about the openssl-users