[gnutls-devel] GnuTLS | Improved estimation of wait in gnutls_session_get_data2 (!936)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Mar 19 15:25:42 CET 2019




Nikos Mavrogiannopoulos commented on a discussion on lib/session.c:

>  	}
>  
>  	if (vers->tls13_sem && !(session->internals.hsk_flags & HSK_TICKET_RECEIVED)) {
> -		/* wait for a message with timeout of 1ms */
> -		ret = _gnutls_recv_in_buffers(session, GNUTLS_APPLICATION_DATA, -1, 50);
> +		unsigned ertt = session->internals.ertt;
> +		/* use our estimation of round-trip + some time for the server to calculate
> +		 * the value(s). */
> +		ertt += 100;
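Review bot: The `ertt += 100;` on the last added line is a bare magic number with no unit, and the new comment ("some time for the server to calculate the value(s)") does not say that it is milliseconds or that it is an upper bound on how long the caller can block when no ticket arrives. The removed comment had already drifted from the code (it said 1ms while the call passed 50), so a named constant with the unit in its name, plus a sentence in the comment stating the worst-case wait, would keep this from going stale again. It would also help to note here what value `session->internals.ertt` holds when no round-trip estimate is available, since the total timeout now depends on it.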

I do not know why, but in practice anything smaller than that 50ms results in session resumption randomly (or even consistently for low values) failing. Note that TLS1.3 servers, although it is optional, almost always send a session ticket, so the delay is never the maximum value imposed here.

100 is set as the maximum because I could not reliably time-bound how much time a server would take to transmit the next message (it may be loaded temporarily or so). I can set it to something lower like 60, which seems to provide consistent results, if you insist.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/936#note_152026130