Hi,
I've been trying to get 0-RTT resumption working with haproxy 1.8.16
and OpenSSL 1.1.1a.
No matter what I put in configuration file, testing with openssl
s_client always results in:
    Max Early Data: 0

OK, let's look at ssl_sock.c
The only thing that seems to try to enable 0-RTT is this:
#ifdef OPENSSL_IS_BORINGSSL
        if (allow_early)
                SSL_set_early_data_enabled(ssl, 1);
#else
        if (!allow_early)
                SSL_set_max_early_data(ssl, 0);
#endif

But I fail to see how this is supposed to work. OpenSSL has 0-RTT
disabled by default. To enable this one must call
SSL_set_max_early_data with the amount of bytes it is willing to read.
The above simply does... nothing.

Is it supposed to work at all or do I miss something? ;)

-- 
Janusz Dziemidowicz

Reply via email to