Hi,
I've been trying to get 0-RTT resumption working with haproxy 1.8.16
and OpenSSL 1.1.1a.
No matter what I put in the configuration file, testing with openssl
s_client always results in:

    Max Early Data: 0

OK, let's look at ssl_sock.c
The only thing that seems to try to enable 0-RTT is this:

    #ifdef OPENSSL_IS_BORINGSSL
            if (allow_early)
                    SSL_set_early_data_enabled(ssl, 1);
    #else
            if (!allow_early)
                    SSL_set_max_early_data(ssl, 0);
    #endif

But I fail to see how this is supposed to work. OpenSSL has 0-RTT
disabled by default. To enable this one must call
SSL_set_max_early_data with the amount of bytes it is willing to read.
The above simply does... nothing.
Is it supposed to work at all or am I missing something? ;)
--
Janusz Dziemidowicz
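
Added example (not part of the original message, and not haproxy or OpenSSL code): a check for the symptom reported above. It parses openssl s_client output and returns the Max Early Data value advertised in each TLS 1.3 session ticket, so a configuration change can be verified the same way the message tests it. The sample outputs are constructed and the function names are hypothetical.

```python
import re

# Header s_client prints before each TLS 1.3 session ticket it receives.
TICKET_HEADER = "Post-Handshake New Session Ticket arrived:"
MAX_EARLY_RE = re.compile(r"^\s*Max Early Data:\s*(\d+)\s*$", re.MULTILINE)

# Constructed sample (not captured from a real server): two tickets, both
# advertising a limit of 0, which is the symptom described in the message.
SAMPLE_DISABLED = """\
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Max Early Data: 0
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Max Early Data: 0
---
"""

# Constructed sample of what a server that accepts early data would advertise
# (16384 is an arbitrary illustrative limit).
SAMPLE_ENABLED = SAMPLE_DISABLED.replace("Data: 0", "Data: 16384")


def ticket_early_data(output):
    """Return one entry per session ticket: the advertised byte limit,
    or None when the ticket block carries no 'Max Early Data' line."""
    limits = []
    # Text before the first header is handshake output, not a ticket.
    for block in output.split(TICKET_HEADER)[1:]:
        match = MAX_EARLY_RE.search(block)
        limits.append(int(match.group(1)) if match else None)
    return limits


def zero_rtt_offered(output):
    """True only if at least one ticket advertises a non-zero limit."""
    return any(limit for limit in ticket_early_data(output))


if __name__ == "__main__":
    for name, text in (("disabled", SAMPLE_DISABLED), ("enabled", SAMPLE_ENABLED)):
        print(name, ticket_early_data(text), zero_rtt_offered(text))
```

A non-zero value only shows that the server offers 0-RTT in its tickets. Early data can be replayed by anyone who captures it, so the application behind the proxy still has to treat such requests as replayable.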