SSL: Accepting early data in TLSv1.3

Utkarsh Tewari utkarsh.tewari at sjsu.edu
Tue Jul 11 18:00:50 UTC 2017


Hello,

I am using OpenSSL s_client to send early data during resumption over a
TLS1.3 connection. However, the server rejects it as shown below.


Reused, TLSv1.3, Cipher is TLS13-AES-128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
*Early data was rejected*
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS13-AES-128-GCM-SHA256


Is there any way to accept early data on the server?

I am using a basic server config:

worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 10m;
    server {
        listen 127.0.0.1:443;
        ssl on;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1.3;
        ssl_ciphers TLS13-AES-128-GCM-SHA256;
        #ssl_ecdh_curve secp384r1:X25519;
        ssl_certificate /usr/local/nginx/certs/nginx-selfsigned.crt;
        ssl_certificate_key /usr/local/nginx/certs/nginx-selfsigned.key;
        # ssl_dhparam     /usr/local/nginx/ssl/certs/dhparam.pem;
        ssl_session_tickets on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        keepalive_timeout 7200s;
        location / {
            root html;
            index index.html index.htm;
        }
    }
}



Cheers,
Utkarsh




More information about the nginx-devel mailing list