[gnutls-devel] GnuTLS | add support for 0-RTT (!775)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Oct 25 16:05:26 CEST 2018


Daiki Ueno commented on a discussion on doc/cha-gtls-app.texi:

> +
> +    ret = gnutls_record_recv_early_data(session, buffer, sizeof(buffer));
> +    assert(ret >= 0);
> +
> +    ...
> +
> +    return ret;
> +@}
> +
> +int main()
> +@{
> +  ...
> +
> +  gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_END_OF_EARLY_DATA,
> +                                     GNUTLS_HOOK_POST, handshake_hook_func);
> +  ...
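Review bot: `assert(ret >= 0);` directly after `gnutls_record_recv_early_data()` makes the documented hook abort the whole server process on any negative return, and the check disappears entirely in a build with NDEBUG defined. Since the hook already ends in `return ret;`, the example would read better with `if (ret < 0) return ret;` so the error is propagated to the caller instead. The single call also reads at most `sizeof(buffer)` bytes, so the surrounding text should say whether the call has to be repeated until the early data is drained.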

> On the receiving side, do you see an advantage in that separation in practice?

RFC 8470 actually suggests that the server could defer processing of early data until after the handshake is completed, to mitigate the replay risks in case the anti-replay measure doesn't work.

In any case, I think the current API is sufficient to cover both use-cases; maybe later, we could add a convenient API on top of it.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/775#note_111837959
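
The deferral that the reply attributes to RFC 8470, as an added example that is not part of the original message or of the GnuTLS code: a self-contained C model in which early data is only buffered while the handshake runs and is handed to the application once, after the handshake has completed. `struct conn`, `early_data_store`, `handshake_finished`, `early_data_process`, `sample_handler` and `MAX_EARLY` are hypothetical names; in a GnuTLS server the bytes would come from `gnutls_record_recv_early_data`.

```c
#include <stddef.h>
#include <string.h>

#define MAX_EARLY 1024   /* assumed cap for this model, not a GnuTLS constant */
enum hs_state { HS_IN_PROGRESS, HS_DONE, HS_FAILED };

struct conn {
    enum hs_state hs;
    unsigned char early[MAX_EARLY];
    size_t early_len;
};

static int handled;      /* number of requests the sample handler has run */
/* Constructed stand-in for the application's request handler. */
int sample_handler(const unsigned char *d, size_t n)
{ (void)d; handled++; return (int)n; }

/* Called while the handshake is still running: store the bytes, never act. */
int early_data_store(struct conn *c, const void *data, size_t len)
{
    if (c->hs != HS_IN_PROGRESS || len > MAX_EARLY - c->early_len)
        return -1;       /* arrived too late, or would overflow the buffer */
    memcpy(c->early + c->early_len, data, len);
    c->early_len += len;
    return 0;
}

/* Record the handshake outcome; a failed handshake drops the buffer. */
void handshake_finished(struct conn *c, int ok)
{
    c->hs = ok ? HS_DONE : HS_FAILED;
    if (!ok)
        c->early_len = 0;
}

/* Run the handler on the buffered early data, only after a completed
 * handshake and only once. Returns the handler's result, or -1. */
int early_data_process(struct conn *c, int (*handle)(const unsigned char *, size_t))
{
    size_t n = c->early_len;
    if (c->hs != HS_DONE || n == 0)
        return -1;
    c->early_len = 0;    /* consume so the same data cannot run twice */
    return handle(c->early, n);
}

int main(void) {         /* constructed request, for a stand-alone run */
    struct conn c = { HS_IN_PROGRESS, {0}, 0 };
    early_data_store(&c, "GET / HTTP/1.1\r\n", 16);
    handshake_finished(&c, 1);
    return early_data_process(&c, sample_handler) == 16 ? 0 : 1;
}
```

A replayed first flight whose handshake never completes ends in `HS_FAILED`, so its buffered request is discarded without reaching the handler.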