[nginx] QUIC: discarding 0-RTT keys.

Sergey Kandaurov pluknet at nginx.com
Fri Aug 9 16:56:34 UTC 2024


details:   https://hg.nginx.org/nginx/rev/906a42885ce2
branches:  
changeset: 9273:906a42885ce2
user:      Sergey Kandaurov <pluknet at nginx.com>
date:      Fri Aug 09 19:12:25 2024 +0400
description:
QUIC: discarding 0-RTT keys.

For simplicity, this is done on successful decryption of a 1-RTT packet.

diffstat:

 src/event/quic/ngx_event_quic.c |  10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diffs (20 lines):

diff -r 6392cb0d83e8 -r 906a42885ce2 src/event/quic/ngx_event_quic.c
--- a/src/event/quic/ngx_event_quic.c	Fri Aug 09 19:12:23 2024 +0400
+++ b/src/event/quic/ngx_event_quic.c	Fri Aug 09 19:12:25 2024 +0400
@@ -1022,6 +1022,16 @@ ngx_quic_handle_payload(ngx_connection_t
         }
     }
 
+    if (pkt->level == ssl_encryption_application) {
+        /*
+         * RFC 9001, 4.9.3.  Discarding 0-RTT Keys
+         *
+         * After receiving a 1-RTT packet, servers MUST discard
+         * 0-RTT keys within a short time
+         */
+        ngx_quic_discard_ctx(c, ssl_encryption_early_data);
+    }
+
     if (qc->closing) {
         /*
          * RFC 9000, 10.2.  Immediate Close
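
Review bot: The added `if (pkt->level == ssl_encryption_application)` block runs ngx_quic_discard_ctx(c, ssl_encryption_early_data) for every 1-RTT packet that reaches this point, not only the first one. It therefore relies on that function being a cheap no-op once the early-data context is already gone, which nothing in this hunk shows. Either guard the call with a check that the 0-RTT keys are still present, or state in the comment that repeated calls are safe. The quoted RFC text says "within a short time", while the code discards immediately. The commit message's "for simplicity" rationale should be carried into the comment, together with the consequence that a 0-RTT packet reordered behind the first 1-RTT packet can no longer be decrypted after this call.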

