[gnutls-devel] GnuTLS | For 2nd ClientHello in 0-RTT(TLS1.3), it should not be encrypted and early data extension should not exist. (#1429)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Dec 23 02:59:24 CET 2022




Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/gnutls/-/issues/1429#note_1219572941

I wrote:

> Anyway I think I was able to reproduce it partially with gnutls-serv/gnutls-cli:

Actually this only happens with KTLS enabled on the system.

> export GNUTLS_NEXT_CLI=gnutls-cli

It looks like GNUTLS_NEXT_SERV also needs to be set (otherwise the complete test case is skipped).

With this, I cannot reproduce the issues: the server responds with Server Hello in the second handshake without HRR, and thus there is no chance that the client sends Client Hello twice.

I'm attaching the logs ([o-cli-1.log](/uploads/5f5d1bcdb1b3072b92b89e774a380192/o-cli-1.log) and [o-srv-1.log](/uploads/c602c589e548cb19c171417b069598ba/o-srv-1.log)) and [hrr.pcapng](/uploads/9a201c808cbdd0c282a3593fe7a19655/hrr.pcapng). Could you take a look?
