SSL: Accepting early data in TLSv1.3
Utkarsh Tewari
utkarsh.tewari at sjsu.edu
Tue Jul 11 18:00:50 UTC 2017
Hello,
I am using OpenSSL s_client to send early data during resumption over a
TLS1.3 connection. However, the server rejects it as shown below.
Reused, TLSv1.3, Cipher is TLS13-AES-128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
*Early data was rejected*
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS13-AES-128-GCM-SHA256
Is there any way to accept early data on the server?
I am using a basic server config:
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 10m;
    server {
        listen 127.0.0.1:443;
        ssl on;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1.3;
        ssl_ciphers TLS13-AES-128-GCM-SHA256;
        #ssl_ecdh_curve secp384r1:X25519;
        ssl_certificate /usr/local/nginx/certs/nginx-selfsigned.crt;
        ssl_certificate_key /usr/local/nginx/certs/nginx-selfsigned.key;
        # ssl_dhparam /usr/local/nginx/ssl/certs/dhparam.pem;
        ssl_session_tickets on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        keepalive_timeout 7200s;
        location / {
            root html;
            index index.html index.htm;
        }
    }
}
Cheers,
Utkarsh