<div dir="ltr">Hello,<br><br>I am using OpenSSL s_client to send early data during resumption over a TLS1.3 connection. However, the server rejects it as shown below. <br><br><br><font face="monospace, monospace">Reused, TLSv1.3, Cipher is TLS13-AES-128-GCM-SHA256<br>Server public key is 2048 bit<br>Secure Renegotiation IS NOT supported<br>Compression: NONE<br>Expansion: NONE<br>No ALPN negotiated<br><b>Early data was rejected</b><br>SSL-Session:<br> Protocol : TLSv1.3<br> Cipher : TLS13-AES-128-GCM-SHA256</font><div><font face="monospace, monospace"><br></font></div><div><br></div><div>Is there any way to accept early data on the server?</div><div><br>I am using a basic server config:</div><div><br></div><div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><font face="times new roman, serif">worker_processes 1;<br>
events {<br>
worker_connections 1024;<br>
}<br>
http {<br>
include mime.types;<br>
default_type application/octet-stream;<br>
sendfile on;<br>
keepalive_timeout 10m;<br>
server {<br>
listen 127.0.0.1:443;<br>
ssl on;<br>
ssl_prefer_server_ciphers on;<br>
ssl_protocols TLSv1.3;<br>
ssl_ciphers TLS13-AES-128-GCM-SHA256;<br>
#ssl_ecdh_curve secp384r1:X25519;<br>
ssl_certificate /usr/local/nginx/certs/nginx-selfsigned.crt;<br>
ssl_certificate_key /usr/local/nginx/certs/nginx-selfsigned.key;<br>
# ssl_dhparam /usr/local/nginx/ssl/certs/dhparam.pem;<br>
ssl_session_tickets on;<br>
ssl_session_cache shared:SSL:10m;<br>
ssl_session_timeout 10m;<br>
keepalive_timeout 7200s;<br>
location / {<br>
root html;<br>
index index.html index.htm;<br>
}<br>
}<br>
}</font></blockquote>
<br></div><div><br></div><div>Cheers,<br>Utkarsh</div><div><br></div><div><br></div></div>