Hi Igor,

On Tue, Oct 03, 2017 at 12:06:05AM +0800, Igor Pav wrote:
> It's exciting, does server line (client side) support 0-rtt?
>

Unfortunately, it does not yet. I'm investigating adding it.

Regards,

Olivier

> On Mon, Oct 2, 2017 at 11:18 PM, Olivier Houchard <[email protected]>
> wrote:
> > Hi,
> >
> > The attached patches add experimental support for 0-RTT with OpenSSL 1.1.1
> > They are based on Emmanuel's previous patches, so I'm submitting them again,
> > updated to reflect the changes in OpenSSL API, and with a few fixes.
> > To allow the use of early data, one has to explicitly add "allow-0rtt" to
> > its bind line. If early data are provided by the client, a
> > "Early-Data: 1" header will be added, to let the origin server know that.
> >
> > Because early data have security implications, a new sample fetch was added,
> > "ssl_fc_has_early", a boolean that will be evaluated to true if early data
> > were provided, as well as a new action, "wait-for-handshake", which will make
> > haproxy wait for the completion of the SSL handshake before processing the
> > request. After the handshake, early data are considered as normal data, and
> > they won't be reported to the origin server.
> >
> > As usual, bugs are to be expected, and any review and/or test will be
> > appreciated.
> >
> > Regards,
> >
> > Olivier
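
The gating described in the quoted announcement, as an added example that is not part of the original thread or of the patches: one frontend that accepts 0-RTT with no gating, beside one that holds every request other than a safe method until the handshake completes. The section names, ports, certificate path, ACL name and backend address are assumptions; only "allow-0rtt", "ssl_fc_has_early", "wait-for-handshake" and the "Early-Data: 1" header come from the message.

```haproxy
# Ungated: any request, including a POST, is processed straight from
# early data, which a network attacker can capture and replay.
frontend fe_0rtt_ungated
    mode http
    bind :8443 ssl crt /etc/haproxy/certs/site.pem allow-0rtt   # placeholder path
    default_backend be_app

# Gated: 0-RTT stays available for safe methods; everything else waits.
frontend fe_0rtt_gated
    mode http
    bind :443 ssl crt /etc/haproxy/certs/site.pem allow-0rtt    # placeholder path

    # Methods that should have no side effects when replayed (assumed policy).
    acl safe_method method GET HEAD OPTIONS

    # ssl_fc_has_early is true while the request arrived as early data.
    # For anything that is not a safe method, delay processing until the
    # SSL handshake has completed. After that the data are treated as
    # normal data and are not reported to the origin server as early.
    http-request wait-for-handshake if { ssl_fc_has_early } !safe_method

    default_backend be_app

backend be_app
    mode http
    # Safe-method requests forwarded from early data carry "Early-Data: 1",
    # so the origin can apply its own replay policy to them.
    server app1 192.0.2.10:8080   # documentation-range address
```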

