SSL: Accepting early data in TLSv1.3
Utkarsh Tewari
2017-07-11 18:00:50 UTC
Hello,

I am using OpenSSL s_client to send early data during resumption over a
TLS1.3 connection. However, the server rejects it as shown below.


Reused, TLSv1.3, Cipher is TLS13-AES-128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
*Early data was rejected*
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS13-AES-128-GCM-SHA256


Is there any way to accept early data on the server?

I am using a basic server config:

worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 10m;

    server {
        listen 127.0.0.1:443;
        # Pre-1.15 form; "listen 127.0.0.1:443 ssl;" is the equivalent in current nginx
        ssl on;
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1.3;
        # Draft-era OpenSSL name for the TLS 1.3 suite; release OpenSSL 1.1.1 selects
        # TLS 1.3 suites through its Ciphersuites setting, which ssl_ciphers does not touch
        ssl_ciphers TLS13-AES-128-GCM-SHA256;
        #ssl_ecdh_curve secp384r1:X25519;
        ssl_certificate /usr/local/nginx/certs/nginx-selfsigned.crt;
        ssl_certificate_key /usr/local/nginx/certs/nginx-selfsigned.key;
        # ssl_dhparam /usr/local/nginx/ssl/certs/dhparam.pem;
        # Tickets plus a shared cache let s_client resume the session (the "Reused"
        # line in the output above); resumption is the prerequisite for sending 0-RTT data
        ssl_session_tickets on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        # Overrides the http-level keepalive_timeout for this server block
        keepalive_timeout 7200s;

        location / {
            root html;
            index index.html index.htm;
        }
    }
}
Cheers,
Utkarsh


Maxim Dounin
2017-07-11 18:33:24 UTC
Hello!
Post by Utkarsh Tewari
Hello,
I am using OpenSSL s_client to send early data during resumption over a
TLS1.3 connection. However, the server rejects it as shown below.
Reused, TLSv1.3, Cipher is TLS13-AES-128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
*Early data was rejected*
Protocol : TLSv1.3
Cipher : TLS13-AES-128-GCM-SHA256
Is there any way to accept early data on the server?
No. As of now, early data is not supported by nginx.

Note well that early data requires special handling and using it
implies different security guarantees from the protocol - notably,
there is no replay protection. If/when supported, early data will
not be enabled by default, but instead will require an explicit
configuration option to enable it.
--
Maxim Dounin
http://nginx.org/
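Maxim's reply above says that if early data is ever supported it will be off by default and need an explicit option. That option later shipped as the ssl_early_data directive (nginx 1.15.4, requires OpenSSL 1.1.1 or later), together with the $ssl_early_data variable (1.15.3), which is "1" while a request is being read from 0-RTT data before the handshake has completed. The configuration below is an added example for this thread, not a config from either poster or from the nginx project: it turns early data on and then does the application-level handling Maxim is warning about, refusing state-changing methods that arrive as replayable early data with 425 Too Early (RFC 8470) and forwarding the Early-Data header so the backend can apply its own replay rules. The upstream address, certificate paths and backend name are assumptions.

```nginx
worker_processes 1;

events {
    worker_connections 1024;
}

http {
    # Assumed backend; replace with the real upstream
    upstream app_backend {
        server 127.0.0.1:8080;
    }

    # $ssl_early_data is "1" only while the request is being read from 0-RTT
    # data, i.e. before the handshake completes, when the bytes could be a
    # replay of an earlier ClientHello+early data. Only methods the
    # application keeps side-effect free may be served from that state.
    map "$ssl_early_data:$request_method" $reject_early_data {
        default      0;
        "1:POST"     1;
        "1:PUT"      1;
        "1:PATCH"    1;
        "1:DELETE"   1;
    }

    server {
        listen 127.0.0.1:443 ssl;
        ssl_protocols TLSv1.3;
        ssl_certificate     /etc/nginx/certs/server.crt;   # assumed paths
        ssl_certificate_key /etc/nginx/certs/server.key;

        # Resumption (ticket or cache) is what makes 0-RTT possible at all
        ssl_session_tickets on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        # Off by default; this is the explicit opt-in. Without it the server
        # answers exactly as in the s_client output quoted above:
        # "Early data was rejected".
        ssl_early_data on;

        location / {
            # Replay-unsafe method carried in 0-RTT: tell the client to retry
            # once the handshake has completed (RFC 8470, 425 Too Early).
            if ($reject_early_data) {
                return 425;
            }

            # Let the backend see whether the request arrived as early data
            # ("1") or after the handshake (""), per the RFC 8470 Early-Data
            # header, so it can make its own accept/reject decision.
            proxy_set_header Early-Data $ssl_early_data;
            proxy_pass http://app_backend;
        }
    }
}
```

The map only protects methods that are unsafe by definition; a GET that changes state (a logout or "mark as read" link, say) is still replayable from 0-RTT, so the real fix is keeping safe methods side-effect free or having the backend check the Early-Data header on such paths. To reproduce the original poster's test against this config with OpenSSL 1.1.1, make one connection with s_client -sess_out to collect the ticket, then reconnect with -sess_in and -early_data pointing at a file holding the request; sending that same file twice is exactly the replay the 425 path is there to absorb.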
Sergey Kandaurov
2017-07-12 14:07:44 UTC
Post by Utkarsh Tewari
Hello,
I am using OpenSSL s_client to send early data during resumption over a TLS1.3 connection. However, the server rejects it as shown below.
[..]
Is there any way to accept early data on the server?
There’s ongoing work to address TLS1.3 early data support in nginx.
No ETA yet.
--
Sergey Kandaurov