On Thu, 3 Jan 2019 at 17:52, Olivier Houchard <ohouch...@haproxy.com> wrote:
> Ah I think I figured it out.
> OpenSSL added anti-replay protection when using early data, and it messes up
> the session handling.
> With the updated attached patch, I get early data to work again. Is it better
> for you?

Now it works.
However, I am a bit concerned about disabling something that sounds
like an important safeguard.
Reading this 
https://www.openssl.org/docs/man1.1.1/man3/SSL_SESSION_get_max_early_data.html#REPLAY-PROTECTION
suggests that it is really not a wise thing to do.

And again, s_server works differently. It does not use
SSL_OP_NO_ANTI_REPLAY, but the resumption, with early data, works
once. Then you get a new session that you can resume again if you wish,
but also only once. You cannot resume the same session twice. With your
patch I can resume a single session as many times as I wish. Coupled
with early data, this is exactly what the TLS 1.3 RFC warns
against. This is probably due to haproxy using external session
management.

I'll try to dig more into this over the weekend, now that I know where to look.

-- 
Janusz Dziemidowicz
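As an added illustration (not code from this thread, nor from HAProxy or OpenSSL), here is a small Python model of the server-side behaviour Janusz describes above: with anti-replay on, a session can be resumed with early data exactly once and the client is handed a fresh single-use session; with anti-replay off (what SSL_OP_NO_ANTI_REPLAY models here), the same session accepts early data any number of times. The class and function names are invented for this example.

```python
"""Model of single-use TLS 1.3 resumption with 0-RTT early data.

Simulation only: it reproduces the observed once-vs-unlimited behaviour,
not OpenSSL's actual data structures.
"""
import secrets
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class ResumptionResult:
    resumed: bool              # PSK accepted, abbreviated handshake
    early_data_accepted: bool  # 0-RTT application data was taken
    new_ticket: bytes          # fresh single-use ticket issued afterwards


@dataclass
class EarlyDataServer:
    anti_replay: bool = True                     # False models SSL_OP_NO_ANTI_REPLAY
    _cache: Set[bytes] = field(default_factory=set)  # server-side cache of live sessions

    def full_handshake(self) -> bytes:
        """1-RTT handshake: issue a new ticket and remember it server-side."""
        ticket = secrets.token_bytes(16)  # constructed stand-in for a session ticket
        self._cache.add(ticket)
        return ticket

    def resume(self, ticket: bytes, early_data: Optional[bytes]) -> ResumptionResult:
        """Client offers a ticket (PSK) and optionally 0-RTT early data."""
        if ticket not in self._cache:
            # Unknown or already-consumed ticket: fall back to a full handshake.
            # Any early data is rejected and must be resent by the client.
            return ResumptionResult(False, False, self.full_handshake())
        if early_data is not None and self.anti_replay:
            # Consume the session so a replayed ClientHello + early data is refused.
            self._cache.discard(ticket)
        accepted = early_data is not None
        return ResumptionResult(True, accepted, self.full_handshake())


def replay_count(anti_replay: bool, attempts: int = 3) -> int:
    """How many times the *same* ticket gets its early data accepted."""
    server = EarlyDataServer(anti_replay=anti_replay)
    ticket = server.full_handshake()
    return sum(server.resume(ticket, b"GET /").early_data_accepted
               for _ in range(attempts))
```

`replay_count(True)` gives 1 (the s_server behaviour) while `replay_count(False)` gives 3, the unlimited replay the patched configuration permits.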
