TLS 1.3 Early data

Benjamin Kaduk bkaduk at akamai.com
Sat Nov 5 20:12:23 UTC 2022


On Sat, Nov 05, 2022 at 11:50:18AM +0100, Dirk Menstermann wrote:
> Hello,
> 
> I did a few experiments with early data but was not successful in solving my
> exotic use case: "Using early data dependent on the SNI"
> 
> I control the server (linux, supports http2) based on OpenSSL 111q and use a
> recent firefox as client:
> 
> 1) Setting SSL_CTX_set_max_early_data in the SSL_CTX* works (FF sends early data)
> 2) Setting SSL_set_max_early_data on the just created SSL* works (FF sends early
> data)
> 3) Setting SSL_set_max_early_data in the SNI callback during the handshake does
> not work (FF does not send early data)
> 
> I guess there is a dirty way to "peek" into the client hello and parse it
> without OpenSSL, extracting the SNI and then doing it like in 2), but I wonder if
> there is a better way.
> 
> Any idea?

The SNI callback runs far too late for this purpose (and, to be honest, a lot of
other purposes).  You should be able to use the client_hello callback for it,
though (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html).

Note that SSL_get_servername() does not provide something useful within the
client hello callback execution and you'll have to do something like
https://github.com/openssl/openssl/blob/master/test/helpers/handshake.c#L146-L198
in order to access the provided SNI value from the client.

-Ben
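As an added example (not code from this thread or from OpenSSL), here is the bounds-checked parsing of the raw server_name extension bytes that the client_hello callback exposes via SSL_client_hello_get0_ext(), together with a per-host early-data policy. It is plain C so it builds without libssl; the host name and byte limit are hypothetical values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Parse the body of a TLS server_name extension (RFC 6066 s.3), i.e. the bytes
 * SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &p, &len) returns
 * inside a client_hello callback. Layout: u16 list length, then entries of
 * { u8 name_type, u16 name_len, name }; only name_type 0 (host_name) is defined.
 * Copies the first host_name into out (NUL-terminated) and returns its length,
 * or -1 if the encoding is malformed. */
static int parse_sni_ext(const unsigned char *p, size_t len, char *out, size_t outsz)
{
    size_t list_len, i = 2;
    if (len < 2) return -1;
    list_len = ((size_t)p[0] << 8) | p[1];
    if (list_len + 2 != len) return -1;                 /* short or trailing data */
    while (i + 3 <= len) {
        uint8_t type = p[i];
        size_t name_len = ((size_t)p[i + 1] << 8) | p[i + 2];
        i += 3;
        if (name_len > len - i) return -1;              /* name runs past buffer */
        if (type == 0) {
            if (name_len == 0 || name_len >= outsz) return -1;
            if (memchr(p + i, '\0', name_len) != NULL) return -1; /* embedded NUL */
            memcpy(out, p + i, name_len);
            out[name_len] = '\0';
            return (int)name_len;
        }
        i += name_len;                                  /* skip unknown name types */
    }
    return -1;
}

/* Per-host 0-RTT policy (hypothetical values); the client_hello callback passes
 * the result to SSL_set_max_early_data() before returning SSL_CLIENT_HELLO_SUCCESS. */
static uint32_t max_early_data_for(const char *host)
{
    if (strcmp(host, "zero-rtt.example.com") == 0) return 16384;
    return 0;                                           /* default: no early data */
}

/* Constructed sample extension body for "zero-rtt.example.com". */
static const unsigned char SAMPLE_SNI[] = {
    0x00, 0x17, 0x00, 0x00, 0x14,
    'z','e','r','o','-','r','t','t','.','e','x','a','m','p','l','e','.','c','o','m' };
/* Constructed malformed body: name length 64 with only 4 bytes present. */
static const unsigned char BAD_SNI[] = { 0x00, 0x07, 0x00, 0x00, 0x40, 'a','b','c','d' };
```

Hosts not on the allow list get a limit of 0, so the server falls back to the normal 1-RTT handshake for them.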

