diff options
author | Daiki Ueno <ueno@gnu.org> | 2021-04-23 15:36:37 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-04-25 08:42:47 +0200 |
commit | 0e1f1f0558e733c39a55172fecbb42c96abc31d3 (patch) | |
tree | ef96a8e807d84388d3a57081163c4446ae76753a /lib/record.c | |
parent | badb8e4a67bd0b5657f5f7d2fe4d48f2bba30283 (diff) | |
download | gnutls-0e1f1f0558e733c39a55172fecbb42c96abc31d3.tar.gz |
handshake: fix timing of sending early data
Previously, the client was sending early data after receiving a Server
Hello message, which not only negates the benefit of 0-RTT, but also
was a logic error as it can only be decrypted by the server when the
initial handshake and the resuming handshake agree on the same
ciphersuites. This fixes that behavior in the following ways:
- extend the session data format to include the selected ciphersuites,
even in TLS 1.3
- setup the epoch for early data, right before the client sending
early data (also right after the server deciding to accept early
data).
- extend the test case to use different ciphersuites in the initial
and resuming handshakes
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'lib/record.c')
-rw-r--r-- | lib/record.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/record.c b/lib/record.c index cd9df80520..860b9897d6 100644 --- a/lib/record.c +++ b/lib/record.c @@ -2120,7 +2120,7 @@ ssize_t gnutls_record_send_early_data(gnutls_session_t session, * @data: the buffer that the data will be read into * @data_size: the number of requested bytes * - * This function can be used by a searver to retrieve data sent early + * This function can be used by a server to retrieve data sent early * in the handshake processes when resuming a session. This is used * to implement a zero-roundtrip (0-RTT) mode. It has the same * semantics as gnutls_record_recv(). |