[gnutls-devel] GnuTLS | GnuTLS client sends early data after receiving Server Hello (#1146)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sun Apr 25 10:44:09 CEST 2021




Daiki Ueno commented:


@tatsuhiro-t apologies for the long delay; I've just pushed a fix to the master.

When I send early data with `gnutls-cli`:
```console
$ ./src/gnutls-cli -p 5556 127.0.0.1 --priority "NORMAL:-VERS-ALL:+VERS-TLS1.3" --earlydata <(echo "earlydata") --insecure --inline-commands
[...]
^resume^
```
against `openssl s_server`:
```console
$ openssl s_server -accept 5556 -keyform pem -certform pem -key doc/credentials/x509/key-rsa.pem -cert doc/credentials/x509/cert-rsa.pem -CAfile doc/credentials/x509/ca.pem -early_data
```

The packet sequence now looks like:
```console
   24 10.300286012    127.0.0.1 → 127.0.0.1    TLSv1 482 Client Hello
   25 10.300309262    127.0.0.1 → 127.0.0.1    TCP 66 5556 → 34978 [ACK] Seq=1 Ack=417 Win=65152 Len=0 TSval=362463014 TSecr=362463014
   26 10.300359282    127.0.0.1 → 127.0.0.1    TLSv1.3 98 Application Data
   27 10.300368542    127.0.0.1 → 127.0.0.1    TCP 66 5556 → 34978 [ACK] Seq=1 Ack=449 Win=65152 Len=0 TSval=362463014 TSecr=362463014
   28 10.300880960    127.0.0.1 → 127.0.0.1    TLSv1.3 360 Server Hello, Change Cipher Spec, Encrypted Extensions, Finished
   29 10.300897610    127.0.0.1 → 127.0.0.1    TCP 66 34978 → 5556 [ACK] Seq=449 Ack=295 Win=65280 Len=0 TSval=362463015 TSecr=362463015
   30 10.301572698    127.0.0.1 → 127.0.0.1    TLSv1.3 92 End of Early Data
```
while previously it was:
```console
   27 7.057079556    127.0.0.1 → 127.0.0.1    TLSv1 482 Client Hello
   28 7.057102046    127.0.0.1 → 127.0.0.1    TCP 66 5556 → 35090 [ACK] Seq=1 Ack=417 Win=65152 Len=0 TSval=362604732 TSecr=362604732
   29 7.057681034    127.0.0.1 → 127.0.0.1    TLSv1.3 360 Server Hello, Change Cipher Spec, Encrypted Extensions, Finished
   30 7.057709954    127.0.0.1 → 127.0.0.1    TCP 66 35090 → 5556 [ACK] Seq=417 Ack=295 Win=65280 Len=0 TSval=362604732 TSecr=362604732
   31 7.058178572    127.0.0.1 → 127.0.0.1    TLSv1.3 72 Change Cipher Spec
   32 7.058191232    127.0.0.1 → 127.0.0.1    TCP 66 5556 → 35090 [ACK] Seq=295 Ack=423 Win=65536 Len=0 TSval=362604733 TSecr=362604733
   33 7.058245462    127.0.0.1 → 127.0.0.1    TLSv1.3 98 Application Data
   34 7.058263172    127.0.0.1 → 127.0.0.1    TCP 66 5556 → 35090 [ACK] Seq=295 Ack=455 Win=65536 Len=0 TSval=362604733 TSecr=362604733
   35 7.058464272    127.0.0.1 → 127.0.0.1    TLSv1.3 92 End of Early Data
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1146#note_559777770
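
The ordering difference between the two captures above can be checked mechanically. The following is an added example, not part of the original message or of GnuTLS: it parses tshark one-line summaries and reports whether the client's 0-RTT Application Data was sent before or after the Server Hello. The function names are hypothetical, and it assumes a decrypted capture in which tshark labels End of Early Data, as in the message.

```python
import re

# tshark one-line summary: frame, time, src → dst, protocol, length, info
LINE = re.compile(r"^\s*(\d+)\s+[\d.]+\s+\S+\s+→\s+\S+\s+(\S+)\s+\d+\s+(.*)$")

# TLS lines copied from the two captures in the message above (TCP ACKs omitted).
FIXED_TRACE = """
   24 10.300286012    127.0.0.1 → 127.0.0.1    TLSv1 482 Client Hello
   26 10.300359282    127.0.0.1 → 127.0.0.1    TLSv1.3 98 Application Data
   28 10.300880960    127.0.0.1 → 127.0.0.1    TLSv1.3 360 Server Hello, Change Cipher Spec, Encrypted Extensions, Finished
   30 10.301572698    127.0.0.1 → 127.0.0.1    TLSv1.3 92 End of Early Data
"""
OLD_TRACE = """
   27 7.057079556    127.0.0.1 → 127.0.0.1    TLSv1 482 Client Hello
   29 7.057681034    127.0.0.1 → 127.0.0.1    TLSv1.3 360 Server Hello, Change Cipher Spec, Encrypted Extensions, Finished
   31 7.058178572    127.0.0.1 → 127.0.0.1    TLSv1.3 72 Change Cipher Spec
   33 7.058245462    127.0.0.1 → 127.0.0.1    TLSv1.3 98 Application Data
   35 7.058464272    127.0.0.1 → 127.0.0.1    TLSv1.3 92 End of Early Data
"""

def tls_frames(summary):
    """Return [(frame_no, [record names])] for the TLS frames in a summary."""
    frames = []
    for line in summary.splitlines():
        m = LINE.match(line)
        if m and m.group(2).startswith("TLS"):
            names = [r.strip() for r in m.group(3).split(",")]
            frames.append((int(m.group(1)), names))
    return frames

def classify_early_data(summary):
    """Say where the client's 0-RTT data sits relative to the Server Hello."""
    seen_ch = seen_sh = seen_eoed = False
    before, after = [], []
    for frame_no, records in tls_frames(summary):
        seen_ch = seen_ch or "Client Hello" in records
        if not seen_ch or seen_eoed:
            continue
        seen_sh = seen_sh or "Server Hello" in records
        if "Application Data" in records:
            (after if seen_sh else before).append(frame_no)
        seen_eoed = "End of Early Data" in records
    if before:
        return "early data in first flight", before
    # Application Data after Server Hello only counts as early data when the
    # client later closes the 0-RTT stream with End of Early Data.
    if after and seen_eoed:
        return "early data delayed until after Server Hello", after
    return "no early data seen", []
```
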