OpenSSL and Early data

Thu Dec 6 15:13:39 UTC 2018

> On 6 Dec 2018, at 02:39, Honza Prachař <jan.prachar at gmail.com> wrote:
> 
> Hello! FYI there is an issue with TLS 1.3 Early data in OpenSSL – 
> https://github.com/openssl/openssl/issues/7757
> 
> So maybe you would want to consider ignoring Early data with HTTP/2 and OpenSSL. Or try to fix the problem on the nginx side, i.e. do not call SSL_read_early_data() until all pending data is written with SSL_write_early_data().

Hello.

This is not strictly related to HTTP/2.
I could reproduce it with s_client -early_data over HTTP/1.1,
where 1st request is sent in 0-RTT, and 2nd - after handshake.

This quick workaround helped me.  The idea is that we block reading
if SSL_write_early_data returned SSL_ERROR_WANT_WRITE, until one of
the next SSL_write_early_data will succeed.  In practice, we won't
read until there's also no more data to send.  For static content,
that means that we will continue to read only after the whole file
was sent.  This doesn't look perfect but seems to work.

diff -r 2117637f64e9 src/event/ngx_event_openssl.c

--- a/src/event/ngx_event_openssl.c     Tue Nov 27 17:40:21 2018 +0300
+++ b/src/event/ngx_event_openssl.c     Thu Dec 06 14:51:18 2018 +0000
@@ -2352,6 +2352,7 @@
 
     if (sslerr == SSL_ERROR_WANT_WRITE) {
 
+#if 0
         if (c->ssl->saved_read_handler) {
 
             c->read->handler = c->ssl->saved_read_handler;
@@ -2364,6 +2365,11 @@
 
             ngx_post_event(c->read, &ngx_posted_events);
         }
+#endif
+        if (c->ssl->saved_read_handler == NULL) {
+            c->ssl->saved_read_handler = c->read->handler;
+            c->read->handler = ngx_ssl_read_handler;
+        }
 
         c->write->ready = 0;
         return NGX_AGAIN;


-- 
Sergey Kandaurov

