[gnutls-devel] GnuTLS | boringssl early data is rejected by gnutls server because of the client ticket age > the server ticket age (#1403)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sun Oct 2 04:39:16 CEST 2022

Tatsuhiro Tsujikawa commented:

> expected_arrival_time = adjusted_creation_time + clients_ticket_age


> adjusted_creation_time = creation_time + estimated_RTT
> clients_ticket_age = obfuscated_ticket_age - ticket_age_add

I do not see server_ticket_age >= client_ticket_age to calculate expected_arrival_time.  Why is that condition necessary?

Client Hello Recording records Client Hello received in the system-configured window, and its edges are not necessarily dependent on the server_ticket_age of a particular ticket.  It seems to me that GnuTLS uses that window to check ticket freshness, but I think they are different things.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1403#note_1121527763
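
Added example, not part of the original message and not GnuTLS code: the quoted formulas written as a freshness check that compares expected_arrival_time with the server's current time, next to the ordering condition the comment asks about. The struct, the function names, the 10-second tolerance and the sample values are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Times are in milliseconds. Field names follow the quoted formulas;
 * the struct, function names and sample values are hypothetical. */
struct ticket_view {
    uint64_t creation_time;         /* server clock when the ticket was issued */
    uint32_t estimated_rtt;
    uint32_t ticket_age_add;        /* per-ticket mask known to both sides */
    uint32_t obfuscated_ticket_age; /* value sent by the client */
};

/* clients_ticket_age = obfuscated_ticket_age - ticket_age_add (mod 2^32) */
static uint32_t clients_ticket_age(const struct ticket_view *t) {
    return (uint32_t)(t->obfuscated_ticket_age - t->ticket_age_add);
}

static uint64_t expected_arrival_time(const struct ticket_view *t) {
    uint64_t adjusted_creation_time = t->creation_time + t->estimated_rtt;
    return adjusted_creation_time + clients_ticket_age(t);
}

/* Freshness as a window: |now - expected_arrival_time| <= tolerance. */
static bool fresh_by_window(const struct ticket_view *t, uint64_t now, uint64_t tol) {
    uint64_t eat = expected_arrival_time(t);
    return (now > eat ? now - eat : eat - now) <= tol;
}

/* The ordering condition: server_ticket_age >= client_ticket_age. */
static bool fresh_by_ordering(const struct ticket_view *t, uint64_t now) {
    return now - t->creation_time >= clients_ticket_age(t);
}

/* Constructed ticket: the client measured an age of 60050 ms. */
static struct ticket_view sample_ticket(void) {
    struct ticket_view t = { 1000000, 20, 0xFFFFFF00u, 0 };
    t.obfuscated_ticket_age = (uint32_t)(60050u + t.ticket_age_add);
    return t;
}

int main(void) {
    struct ticket_view t = sample_ticket();
    /* 60000 ms after issue on the server clock: client age is 50 ms ahead. */
    printf("window=%d ordering=%d\n", fresh_by_window(&t, 1060000, 10000),
           fresh_by_ordering(&t, 1060000));
    /* 30 s later: the same ClientHello is well outside the window. */
    printf("window=%d ordering=%d\n", fresh_by_window(&t, 1090000, 10000),
           fresh_by_ordering(&t, 1090000));
    return 0;
}
```

With these constructed values the window check accepts the first arrival and rejects the late one, while the ordering condition does the opposite in both cases.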