TLS 1.3 Early data

Dirk Menstermann noadsplease at web.de
Sat Nov 12 10:22:52 UTC 2022


Hi,

Seconds after I sent the previous mail, I found the bug in my code. It is
working with Benjamin's suggestion.

Thanks
Jens

On 12/11/2022 11:18, Dirk Menstermann wrote:
> Hi Benjamin,
>
> thanks for your response. I updated to 111s and replaced the SNI callback with
> the ClientHello callback as suggested, but still no luck. So far FF does not
> send early data if it was not configured before the handshake started.
> Do you have another idea?
>
> Best,
> Jens
>
> On 05/11/2022 21:12, Benjamin Kaduk wrote:
>> On Sat, Nov 05, 2022 at 11:50:18AM +0100, Dirk Menstermann wrote:
>>> Hello,
>>>
>>> I did a few experiments with early data but was not successful in solving my
>>> exotic use case: "Using early data dependent on the SNI"
>>>
>>> I control the server (linux, supports http2) based on OpenSSL 111q and use a
>>> recent firefox as client:
>>>
>>> 1) Setting SSL_CTX_set_max_early_data in the SSL_CTX* works (FF sends early
>>> data)
>>> 2) Setting SSL_set_max_early_data on the just created SSL* works (FF sends early
>>> data)
>>> 3) Setting SSL_set_max_early_data in the SNI callback during the handshake does
>>> not work (FF does not send early data)
>>>
>>> I guess there is a dirty way to "peek" into the client hello and parse it
>>> without OpenSSL, extract the SNI and then proceed as in 2), but I wonder if
>>> there is a better way.
>>>
>>> Any idea?
>>
>> The SNI callback runs far too late for this purpose (and, to be honest, a lot of
>> other purposes).  You should be able to use the client_hello callback for it,
>> though
>> (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html).
>>
>> Note that SSL_get_servername() does not provide something useful within the
>> client hello callback execution and you'll have to do something like
>> https://github.com/openssl/openssl/blob/master/test/helpers/handshake.c#L146-L198
>> in order to access the provided SNI value from the client.
>>
>> -Ben
>
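Added example, not from the thread and not OpenSSL project code: a ClientHello
callback that applies a per-SNI early-data limit the way Ben describes. It parses
the server_name extension body itself, because SSL_get_servername() is not
usable inside the client_hello callback. The vhost name api.example.com, the
16384-byte limit and the sample extension bytes are constructed for the example;
the SSL_* and SSL_CTX_* calls are the real OpenSSL 1.1.1 API.

```c
/*
 * Added example (not from the thread): pick the TLS 1.3 early-data limit per
 * SNI from the ClientHello callback. The server_name extension is parsed by
 * hand because SSL_get_servername() is empty at that point in the handshake.
 * Host names, limits and the sample bytes are constructed, not real config.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_NAMETYPE_HOST_NAME 0   /* RFC 6066 NameType.host_name */

/*
 * Parse a server_name extension body (RFC 6066 section 3):
 *   ServerNameList len (2) | { NameType (1) | HostName len (2) | HostName }...
 * Copies the first host_name entry into out, NUL-terminated. Returns the name
 * length, or 0 when the body is malformed or carries no host_name.
 */
size_t sni_from_server_name_ext(const unsigned char *p, size_t remaining,
                                char *out, size_t out_size)
{
    size_t list_len, name_len, i;

    if (p == NULL || out == NULL || out_size == 0 || remaining < 2)
        return 0;
    list_len = ((size_t)p[0] << 8) | p[1];
    p += 2;
    remaining -= 2;
    if (list_len != remaining)          /* the list must fill the extension */
        return 0;
    while (remaining >= 3) {
        unsigned char type = p[0];
        name_len = ((size_t)p[1] << 8) | p[2];
        p += 3;
        remaining -= 3;
        if (name_len > remaining)       /* entry runs past the extension */
            return 0;
        if (type == TLS_NAMETYPE_HOST_NAME) {
            if (name_len == 0 || name_len >= out_size)
                return 0;
            for (i = 0; i < name_len; i++)  /* host names are visible ASCII */
                if (p[i] < 0x21 || p[i] > 0x7e)
                    return 0;
            memcpy(out, p, name_len);
            out[name_len] = '\0';
            return name_len;
        }
        p += name_len;                  /* skip other name types */
        remaining -= name_len;
    }
    return 0;
}

/* Constructed per-vhost policy: default 0 (no 0-RTT), since early data is
 * replayable; only the API vhost, assumed to serve idempotent requests, gets it. */
uint32_t early_data_limit_for_host(const char *host)
{
    if (host != NULL && strcmp(host, "api.example.com") == 0)
        return 16384;
    return 0;
}

/* Constructed server_name extension body carrying "api.example.com". */
static const unsigned char SAMPLE_SNI_EXT[] = {
    0x00, 0x12,                   /* ServerNameList length = 18 */
    0x00,                         /* NameType host_name */
    0x00, 0x0f,                   /* HostName length = 15 */
    'a','p','i','.','e','x','a','m','p','l','e','.','c','o','m'
};

/* Limit the callback would apply for the sample ClientHello. */
uint32_t sample_early_data_limit(void)
{
    char host[256];
    if (sni_from_server_name_ext(SAMPLE_SNI_EXT, sizeof SAMPLE_SNI_EXT,
                                 host, sizeof host) == 0)
        return 0;
    return early_data_limit_for_host(host);
}

/* OpenSSL glue, compiled only where the headers are available. */
#if defined(__has_include)
# if __has_include(<openssl/ssl.h>)
#  include <openssl/ssl.h>
#  define HAVE_OPENSSL_SSL_H 1
# endif
#endif
#ifdef HAVE_OPENSSL_SSL_H
static int early_data_client_hello_cb(SSL *s, int *al, void *arg)
{
    const unsigned char *ext;
    size_t ext_len;
    char host[256];
    (void)al; (void)arg;
    /* Raw extension body; SSL_get_servername() is not populated here. */
    if (SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &ext, &ext_len)
        && sni_from_server_name_ext(ext, ext_len, host, sizeof host) > 0)
        SSL_set_max_early_data(s, early_data_limit_for_host(host));
    else
        SSL_set_max_early_data(s, 0);   /* no usable SNI: no early data */
    return SSL_CLIENT_HELLO_SUCCESS;
}

void install_early_data_policy(SSL_CTX *ctx)
{
    SSL_CTX_set_client_hello_cb(ctx, early_data_client_hello_cb, NULL);
}
#endif
```

Because the callback runs on every handshake, the limit it sets also governs the
max_early_data value written into the NewSessionTicket on the full handshake, so
the client is told the same limit it will later be held to on resumption. The
server still has to read the 0-RTT bytes with SSL_read_early_data() and treat
them as replayable.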

