[gnutls-devel] GnuTLS | Improve 0-RTT handling in gnutls-serv/gnutls-cli (!1936)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sun Feb 16 20:54:53 CET 2025
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1936 was reviewed by Sahil Siddiq
--
Sahil Siddiq commented on a discussion: https://gitlab.com/gnutls/gnutls/-/merge_requests/1936#note_2350107420
From the description above:
```
max_early_data_size is initialized as 0 on the client side, and set only after receiving NewSessionTicket. There are, however, no ways to preserve the max_early_data_size value across multiple calls to gnutls_init.
```
Based on what I have understood, `max_early_data_size` is set for the first time when the client receives NewSessionTicket during the second session. `gnutls_record_set_max_early_data_size` is then used to persist this value so that the client retains this without having to receive another session ticket in subsequent sessions. Is my understanding correct?
I tried running the test on my machine. It fails when trying to reconnect to the server. Here's the output:
```
reserved port 53868
Echo Server listening on IPv4 0.0.0.0 port 53868...done
Echo Server listening on IPv6 :: port 53868...done
error sending early data
Error in handshake: The TLS connection was non-properly terminated.
Processed 1 CA certificate(s).
Resolving 'localhost:53868'...
Connecting to '::1:53868'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `CN=localhost', issuer `CN=GnuTLS Test CA', serial 0x53662b3911be18cb, EC/ECDSA key 256 bits, signed using RSA-SHA256, activated `2014-05-04 11:57:46 UTC', expires `9999-12-31 23:59:59 UTC', pin-sha256="3BRRBzy9UTnQoTsZrEiVZm9GKvX1V946kDNinW6F2L4="
Public Key ID:
sha1:bef600c6246b60eab5f813c9a5d5e0c929d5d733
sha256:dc1451073cbd5139d0a13b19ac4895666f462af5f557de3a9033629d6e85d8be
Public Key PIN:
pin-sha256:3BRRBzy9UTnQoTsZrEiVZm9GKvX1V946kDNinW6F2L4=
- Status: The certificate is trusted.
- Description: (TLS1.3-X.509)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
- Session ID: 93:44:5A:90:69:E2:D3:1E:44:21:4D:47:CE:34:77:65:13:FB:72:81:DC:21:29:E3:51:97:B1:CC:16:5C:F3:52
- Options:
- Handshake was completed
- Disconnecting
- Connecting again- trying to resume previous session
Resolving 'localhost:53868'...
Connecting to '::1:53868'...
Failure: failed to communicate with the server
Exiting via signal 15
unreserved port 53868
FAIL gnutls-cli-earlydata.sh (exit status: 1)
```