[gnutls-devel] GnuTLS | WIP: add support for 0-RTT (!775)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Wed Oct 17 08:34:48 CEST 2018
Nikos Mavrogiannopoulos started a new discussion on doc/cha-gtls-app.texi:
> return early, allowing the server to send data earlier.
>
> +Under TLS 1.3, when the server and client share a @acronym{PSK}, the
> +client side can start transmitting application data during handshake.
> +This is called zero round-trip time (0-RTT) mode, and the application
> +data sent in this mode is called early data.
> +
> +Note, however, that early data has weaker security properties than
> +normal application data sent after handshake, such as lack of forward
> +secrecy, no guarantees of non-replay between connections. Thus it is
> +disabled on the server side by default. To enable it, set
> + at acronym{GNUTLS_ENABLE_EARLY_DATA} on @funcref{gnutls_init}. Then the
> +client can send early data with @funcref{gnutls_record_send_early_data}
> +and the server can receive it with
> + at funcref{gnutls_record_recv_early_data}.
> +
Two questions that arise after reading it, is what happens if the server does not read that data? and when should a server call the `gnutls_record_recv_early_data`?
That is, is the server expected to call this function during the handshake or after it, or it can be both?
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/775#note_109394561
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181017/1414e813/attachment-0001.html>
More information about the Gnutls-devel
mailing list