TLS 1.3 Early data
Dirk Menstermann
noadsplease at web.de
Sat Nov 5 10:50:18 UTC 2022
Hello,
I did a few experiments with early data but was not successful in solving my
exotic use case: "Using early data dependent on the SNI"
I control the server (Linux, supports http2) based on OpenSSL 111q and use a
recent Firefox as client:
1) Setting SSL_CTX_set_max_early_data in the SSL_CTX* works (FF sends early data)
2) Setting SSL_set_max_early_data on the just created SSL* works (FF sends early
data)
3) Setting SSL_set_max_early_data in the SNI callback during the handshake does
not work (FF does not send early data)
I guess there is a dirty way to "peek" into the client hello and parse it
without OpenSSL, extracting the SNI and then doing it like in 2), but I wonder if
there is a better way.
Any idea?
Thanks
Dirk
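
The "peek and parse" approach mentioned in the post, as an added example that is not part of the original message or of OpenSSL: a bounds-checked parser that pulls the SNI host name out of a raw ClientHello record, for instance bytes read with recv(..., MSG_PEEK) before the SSL object is created. The names peek_sni and SAMPLE_HELLO are hypothetical, the sample bytes are constructed, and the parser assumes the whole ClientHello sits in a single TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Cursor over untrusted bytes; every read is bounds-checked. */
typedef struct { const uint8_t *p; size_t n; } cur_t;

static int take(cur_t *c, size_t k, cur_t *out) {
    if (c->n < k) return 0;
    if (out) { out->p = c->p; out->n = k; }
    c->p += k; c->n -= k;
    return 1;
}
/* Read a w-byte big-endian length prefix, then that many bytes. */
static int take_vec(cur_t *c, size_t w, cur_t *out) {
    size_t len = 0;
    if (c->n < w) return 0;
    for (size_t i = 0; i < w; i++) len = (len << 8) | c->p[i];
    c->p += w; c->n -= w;
    return take(c, len, out);
}
/* Returns 1 and writes the NUL-terminated host name, else 0 (no SNI,
 * truncated or malformed input, or host buffer too small). */
int peek_sni(const uint8_t *buf, size_t len, char *host, size_t host_sz) {
    cur_t rec = { buf, len }, hs, body, exts, ext, list, name;
    if (len < 1 || buf[0] != 0x16) return 0;            /* handshake record */
    if (!take(&rec, 3, NULL) || !take_vec(&rec, 2, &hs)) return 0;
    if (hs.n < 1 || hs.p[0] != 0x01) return 0;          /* ClientHello */
    if (!take(&hs, 1, NULL) || !take_vec(&hs, 3, &body)) return 0;
    if (!take(&body, 2 + 32, NULL)) return 0;           /* version + random */
    if (!take_vec(&body, 1, NULL)) return 0;            /* session id */
    if (!take_vec(&body, 2, NULL)) return 0;            /* cipher suites */
    if (!take_vec(&body, 1, NULL)) return 0;            /* compression */
    if (!take_vec(&body, 2, &exts)) return 0;
    while (exts.n >= 2) {
        unsigned type = ((unsigned)exts.p[0] << 8) | exts.p[1];
        if (!take(&exts, 2, NULL) || !take_vec(&exts, 2, &ext)) return 0;
        if (type != 0) continue;                        /* server_name is 0 */
        if (!take_vec(&ext, 2, &list) || list.n < 1 || list.p[0] != 0) return 0;
        if (!take(&list, 1, NULL) || !take_vec(&list, 2, &name)) return 0;
        if (!name.n || name.n >= host_sz || memchr(name.p, 0, name.n)) return 0;
        memcpy(host, name.p, name.n);
        host[name.n] = '\0';
        return 1;
    }
    return 0;
}
/* Constructed 70-byte ClientHello (all-zero random), SNI "a.example". */
const uint8_t SAMPLE_HELLO[70] = {
    0x16,0x03,0x01,0x00,0x41, 0x01,0x00,0x00,0x3d, 0x03,0x03,
    [43] = 0x00, 0x00,0x02,0x13,0x01, 0x01,0x00, 0x00,0x12, 0x00,0x00,0x00,0x0e,
    0x00,0x0c, 0x00, 0x00,0x09, 'a','.','e','x','a','m','p','l','e' };
```

A return of 0 also covers a peek that came back short, so the caller has to peek again or treat the connection as one without early data.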