[gnutls-devel] GnuTLS | GnuTLS client sends early data after receiving Server Hello (#1146)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Jan 25 10:37:52 CET 2021

Daiki Ueno commented:

Thank you so much for the report, and sorry for the long delay.  Yes, it's indeed bad (as that means the 0-RTT in client doesn't work at all, sigh...), though the fix wouldn't be trivial, because:
- the session data stored by the client needs to record the previously negotiated version and ciphersuites; which is not the case currently and it's determined only after the server advertises those
- the epoch management mechanism doesn't take into account of those parameters as well, so we need to save/restore the parameters around sending early data

I'll pick this up in the next release (3.7.1) anyway.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1146#note_492973603
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210125/e2471f3b/attachment.html>

More information about the Gnutls-devel mailing list