Re: TLS 1.3 Early data
Hi,

seconds after I sent the previous mail, I found the bug in my code. It is working with Benjamin's suggestion.

Thanks
Jens

On 12/11/2022 11:18, Dirk Menstermann wrote:
> Hi Benjamin,
>
> thanks for your response. I updated to 111s and replaced the SNI callback with the ClientHello callback as suggested, but still no luck. So far FF does not send early data if it was not configured before the handshake started.
>
> Do you have another idea?
>
> Best,
> Jens
>
> On 05/11/2022 21:12, Benjamin Kaduk wrote:
>> On Sat, Nov 05, 2022 at 11:50:18AM +0100, Dirk Menstermann wrote:
>>> Hello,
>>>
>>> I did a few experiments with early data but was not successful in solving my exotic use case: "Using early data dependent on the SNI"
>>>
>>> I control the server (linux, supports http2) based on OpenSSL 111q and use a recent firefox as client:
>>>
>>> 1) Setting SSL_CTX_set_max_early_data in the SSL_CTX* works (FF sends early data)
>>> 2) Setting SSL_set_max_early_data on the just created SSL* works (FF sends early data)
>>> 3) Setting SSL_set_max_early_data in the SNI callback during the handshake does not work (FF does not send early data)
>>>
>>> I guess there is a dirty way to "peek" into the client hello and parse it without OpenSSL, extracting the SNI and make it then like in 2), but I wonder if there is a better way.
>>>
>>> Any idea?
>>
>> The SNI callback runs far too late for this purpose (and, to be honest, a lot of other purposes). You should be able to use the client_hello callback for it, though (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html). Note that SSL_get_servername() does not provide something useful within the client hello callback execution and you'll have to do something like https://github.com/openssl/openssl/blob/master/test/helpers/handshake.c#L146-L198 in order to access the provided SNI value from the client.
>>
>> -Ben
Re: TLS 1.3 Early data
Hi Benjamin,

thanks for your response. I updated to 111s and replaced the SNI callback with the ClientHello callback as suggested, but still no luck. So far FF does not send early data if it was not configured before the handshake started.

Do you have another idea?

Best,
Jens

On 05/11/2022 21:12, Benjamin Kaduk wrote:
> On Sat, Nov 05, 2022 at 11:50:18AM +0100, Dirk Menstermann wrote:
>> Hello,
>>
>> I did a few experiments with early data but was not successful in solving my exotic use case: "Using early data dependent on the SNI"
>>
>> I control the server (linux, supports http2) based on OpenSSL 111q and use a recent firefox as client:
>>
>> 1) Setting SSL_CTX_set_max_early_data in the SSL_CTX* works (FF sends early data)
>> 2) Setting SSL_set_max_early_data on the just created SSL* works (FF sends early data)
>> 3) Setting SSL_set_max_early_data in the SNI callback during the handshake does not work (FF does not send early data)
>>
>> I guess there is a dirty way to "peek" into the client hello and parse it without OpenSSL, extracting the SNI and make it then like in 2), but I wonder if there is a better way.
>>
>> Any idea?
>
> The SNI callback runs far too late for this purpose (and, to be honest, a lot of other purposes). You should be able to use the client_hello callback for it, though (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html). Note that SSL_get_servername() does not provide something useful within the client hello callback execution and you'll have to do something like https://github.com/openssl/openssl/blob/master/test/helpers/handshake.c#L146-L198 in order to access the provided SNI value from the client.
>
> -Ben
Re: TLS 1.3 Early data
On Sat, Nov 05, 2022 at 11:50:18AM +0100, Dirk Menstermann wrote:
> Hello,
>
> I did a few experiments with early data but was not successful in solving my exotic use case: "Using early data dependent on the SNI"
>
> I control the server (linux, supports http2) based on OpenSSL 111q and use a recent firefox as client:
>
> 1) Setting SSL_CTX_set_max_early_data in the SSL_CTX* works (FF sends early data)
> 2) Setting SSL_set_max_early_data on the just created SSL* works (FF sends early data)
> 3) Setting SSL_set_max_early_data in the SNI callback during the handshake does not work (FF does not send early data)
>
> I guess there is a dirty way to "peek" into the client hello and parse it without OpenSSL, extracting the SNI and make it then like in 2), but I wonder if there is a better way.
>
> Any idea?

The SNI callback runs far too late for this purpose (and, to be honest, a lot of other purposes). You should be able to use the client_hello callback for it, though (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html). Note that SSL_get_servername() does not provide something useful within the client hello callback execution and you'll have to do something like https://github.com/openssl/openssl/blob/master/test/helpers/handshake.c#L146-L198 in order to access the provided SNI value from the client.

-Ben
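The following is an added example (not code from this thread, and not OpenSSL's own code) of what Ben's pointer amounts to: a client_hello callback that fetches the raw server_name extension with SSL_client_hello_get0_ext(), parses the host_name out of it by hand using the RFC 6066 layout (the same thing handshake.c does, since SSL_get_servername() is not usable at that point), and calls SSL_set_max_early_data() on the SSL before the ServerHello is built. The host names, the policy table and the function names are assumptions for illustration only; the OpenSSL glue is compiled only with -DUSE_OPENSSL so that the parser and policy logic can be built and exercised without libssl.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Parse a server_name extension body (RFC 6066, section 3):
 *   uint16 list_len; repeated { uint8 name_type; uint16 len; opaque name[len] }
 * Copies the first host_name (name_type 0) into out, NUL-terminated, and
 * returns its length; returns 0 if the body is malformed or has no host_name. */
static size_t parse_sni_host_name(const unsigned char *ext, size_t ext_len,
                                  char *out, size_t out_size)
{
    size_t list_len, pos = 2;

    if (ext_len < 2)
        return 0;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != ext_len - 2)            /* list must fill the body exactly */
        return 0;
    while (pos + 3 <= ext_len) {
        unsigned char name_type = ext[pos];
        size_t name_len = ((size_t)ext[pos + 1] << 8) | ext[pos + 2];
        pos += 3;
        if (name_len > ext_len - pos)       /* entry overruns the body */
            return 0;
        if (name_type == 0) {
            /* reject empty names, embedded NULs and a trailing dot */
            if (name_len == 0 || name_len >= out_size ||
                memchr(ext + pos, '\0', name_len) != NULL ||
                ext[pos + name_len - 1] == '.')
                return 0;
            memcpy(out, ext + pos, name_len);
            out[name_len] = '\0';
            return name_len;
        }
        pos += name_len;                    /* skip unknown name types */
    }
    return 0;
}

/* Encoder for the same format; used here only to build constructed input. */
static size_t encode_sni_ext(const char *host, unsigned char *buf, size_t buf_size)
{
    size_t n = strlen(host);
    if (n == 0 || n > 0xFFFF || buf_size < n + 5)
        return 0;
    buf[0] = (unsigned char)((n + 3) >> 8); buf[1] = (unsigned char)(n + 3);
    buf[2] = 0;                             /* name_type = host_name */
    buf[3] = (unsigned char)(n >> 8);       buf[4] = (unsigned char)n;
    memcpy(buf + 5, host, n);
    return n + 5;
}

/* Hypothetical policy: which hosts may receive 0-RTT data and how many bytes.
 * Unlisted hosts, and ClientHellos without a usable SNI, get 0 (refused). */
struct early_data_policy { const char *host; uint32_t max_early_data; };
static const struct early_data_policy POLICY[] = {
    { "static.example.com", 16384 },        /* constructed example hosts */
    { "api.example.com",        0 },
};

static uint32_t early_data_limit_from_ext(const unsigned char *ext, size_t ext_len)
{
    char host[256];
    size_t i;
    if (parse_sni_host_name(ext, ext_len, host, sizeof host) == 0)
        return 0;
    for (i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++)
        if (strcmp(POLICY[i].host, host) == 0)
            return POLICY[i].max_early_data;
    return 0;
}

/* Round trip through the wire format, as a ClientHello would carry it. */
static uint32_t early_data_limit_for_host(const char *host)
{
    unsigned char ext[300];
    size_t n = encode_sni_ext(host, ext, sizeof ext);
    return early_data_limit_from_ext(ext, n);
}

#ifdef USE_OPENSSL
/* OpenSSL 1.1.1 glue: build with -DUSE_OPENSSL -lssl -lcrypto and install with
 * SSL_CTX_set_client_hello_cb(ctx, early_data_by_sni_cb, NULL). */
#include <openssl/ssl.h>

static int early_data_by_sni_cb(SSL *s, int *al, void *arg)
{
    const unsigned char *ext;
    size_t ext_len;
    uint32_t limit = 0;
    (void)arg;
    if (SSL_client_hello_get0_ext(s, TLSEXT_TYPE_server_name, &ext, &ext_len))
        limit = early_data_limit_from_ext(ext, ext_len);
    if (!SSL_set_max_early_data(s, limit)) {
        *al = SSL_AD_INTERNAL_ERROR;
        return SSL_CLIENT_HELLO_ERROR;
    }
    return SSL_CLIENT_HELLO_SUCCESS;
}
#endif

int main(void)
{
    printf("static.example.com -> %u\n", early_data_limit_for_host("static.example.com"));
    printf("api.example.com    -> %u\n", early_data_limit_for_host("api.example.com"));
    return 0;
}
```

The parser is strict on purpose: a list length that does not match the extension body, an entry that overruns it, an empty host_name, an embedded NUL or a trailing dot all yield 0, which the policy maps to "no early data" rather than to a guess. Whatever limit the SNI selects, 0-RTT data stays replayable by design (RFC 8446, section 8), so the application still has to confine early data to requests that are safe to replay; gating by host name decides where early data is allowed, not whether it is safe.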
TLS 1.3 Early data
Hello,

I did a few experiments with early data but was not successful in solving my exotic use case: "Using early data dependent on the SNI"

I control the server (linux, supports http2) based on OpenSSL 111q and use a recent firefox as client:

1) Setting SSL_CTX_set_max_early_data in the SSL_CTX* works (FF sends early data)
2) Setting SSL_set_max_early_data on the just created SSL* works (FF sends early data)
3) Setting SSL_set_max_early_data in the SNI callback during the handshake does not work (FF does not send early data)

I guess there is a dirty way to "peek" into the client hello and parse it without OpenSSL, extracting the SNI and make it then like in 2), but I wonder if there is a better way.

Any idea?

Thanks
Dirk