[gnutls-devel] GnuTLS | boringssl early data is rejected by gnutls server because of the client ticket age > the server ticket age (#1403)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sun Oct 2 04:39:16 CEST 2022
Tatsuhiro Tsujikawa commented:
> expected_arrival_time = adjusted_creation_time + clients_ticket_age
> adjusted_creation_time = creation_time + estimated_RTT
> clients_ticket_age = obfuscated_ticket_age - ticket_age_add
I do not see server_ticket_age >= client_ticket_age to calculate expected_arrival_time. Why is that condition necessary?
Client Hello Recording records Client Hellos received in the system-configured window, and its edges are not necessarily dependent on the server_ticket_age of a particular ticket. It seems to me that GnuTLS uses that window to check ticket freshness, but I think they are different things.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1403#note_1121527763
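
The quoted formulas written out as a freshness check, in an added example that is neither GnuTLS code nor part of the comment: a client-reported age 5 ms ahead of the server's view still lands inside the window, while a server_ticket_age >= client_ticket_age comparison fails. The struct, the function names, the 10-second window and all sample values are constructed, and server_ticket_age is assumed to be now - creation_time.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All times in milliseconds. Field names follow the quoted formulas;
 * the struct, function names and sample values are constructed. */
struct ticket_state {
    uint64_t creation_time;  /* server clock when the ticket was issued */
    uint32_t estimated_rtt;
    uint32_t ticket_age_add; /* per-ticket random mask */
};

/* clients_ticket_age = obfuscated_ticket_age - ticket_age_add (mod 2^32) */
static uint32_t clients_ticket_age(const struct ticket_state *t, uint32_t obfuscated)
{
    return (uint32_t)(obfuscated - t->ticket_age_add);
}

static uint64_t expected_arrival_time(const struct ticket_state *t, uint32_t obfuscated)
{
    uint64_t adjusted_creation_time = t->creation_time + t->estimated_rtt;
    return adjusted_creation_time + clients_ticket_age(t, obfuscated);
}

/* Window check: accept early data only if expected arrival is near "now". */
static bool fresh_by_window(const struct ticket_state *t, uint32_t obfuscated,
                            uint64_t now, uint64_t window)
{
    uint64_t e = expected_arrival_time(t, obfuscated);
    return (now > e ? now - e : e - now) <= window;
}

/* The condition questioned above; server_ticket_age = now - creation_time
 * is an assumption made for this example. */
static bool age_condition(const struct ticket_state *t, uint32_t obfuscated, uint64_t now)
{
    return now - t->creation_time >= clients_ticket_age(t, obfuscated);
}

/* Constructed sample: client reports 60005 ms, masked with 0xFFFFF000. */
static const struct ticket_state SAMPLE = { 1000000, 40, 0xFFFFF000u };
static const uint32_t SAMPLE_OBFUSCATED = 55909; /* (60005 + 0xFFFFF000) mod 2^32 */

int main(void)
{
    uint64_t now = 1060000; /* server saw 60000 ms elapse */
    printf("window=%d age_condition=%d\n",
           fresh_by_window(&SAMPLE, SAMPLE_OBFUSCATED, now, 10000),
           age_condition(&SAMPLE, SAMPLE_OBFUSCATED, now));
    return 0;
}
```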