On Fri, 2018-12-14 at 02:42 +0300, Sergey Kandaurov wrote:
> > On 6 Dec 2018, at 19:20, Jan Prachař <jan.prac...@gmail.com> wrote:
> >
> > On Thu, 2018-12-06 at 18:13 +0300, Sergey Kandaurov wrote:
> > > > On 6 Dec 2018, at 02:39, Honza Prachař <jan.prac...@gmail.com> wrote:
> > > >
> > > > Hello! FYI there is an issue with TLS 1.3 Early data in OpenSSL –
> > > > https://github.com/openssl/openssl/issues/7757
> > > >
> > > > So maybe you would want to consider ignoring Early data with HTTP/2
> > > > and OpenSSL. Or try to fix the problem on the nginx side, i.e. do
> > > > not call SSL_read_early_data() until all pending data is written
> > > > with SSL_write_early_data().
> > >
> > > Hello.
> > >
> > > This is not strictly related to HTTP/2.
> > > I could reproduce it with s_client -early_data over HTTP/1.1,
> > > where 1st request is sent in 0-RTT, and 2nd - after handshake.
> > >
> > > This quick workaround helped me. The idea is that we block reading
> > > if SSL_write_early_data returned SSL_ERROR_WANT_WRITE, until one of
> > > the next SSL_write_early_data will succeed. In practice, we won't
> > > read until there's also no more data to send. For static content,
> > > that means that we will continue to read only after the whole file
> > > was sent. This doesn't look perfect but seems to work.
> >
> > This patch works for me too. SSL_read_early_data waits until all
> > requested files are sent. Then the handshake is finished.
>
> Thanks.
> It would be nice if you could also try this patch instead.
> Unlike previous, this one is closer to what would be committed.

I can confirm that provided patch works for me.

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
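
The read gate described in the quoted workaround, modelled as an added example; this is not the nginx patch or OpenSSL code. The mock socket buffer, `mock_write`, `on_writable` and `pending_at_first_read` are hypothetical names, the enum only stands in for the result of SSL_write_early_data(), and `cap` is assumed to be greater than zero.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for SSL_ERROR_NONE / SSL_ERROR_WANT_WRITE; values are local to this model. */
enum { W_OK = 0, W_WANT_WRITE = 1 };

struct conn {
    size_t room;          /* free space in the mock socket buffer */
    size_t left;          /* response bytes still to be written */
    int    read_blocked;  /* set on WANT_WRITE, cleared by a later successful write */
};

/* Mock of SSL_write_early_data(): writes the chunk whole or reports WANT_WRITE. */
static int mock_write(struct conn *c, size_t n) {
    if (c->room < n) return W_WANT_WRITE;
    c->room -= n;
    c->left -= n;
    return W_OK;
}

/* Write handler: push chunks until the file is done or the socket buffer is full. */
static void on_writable(struct conn *c, size_t chunk) {
    while (c->left > 0) {
        size_t n = c->left < chunk ? c->left : chunk;
        if (mock_write(c, n) == W_WANT_WRITE) {
            c->read_blocked = 1;   /* hold back reads while a write is pending */
            return;
        }
        c->read_blocked = 0;       /* a write succeeded: reads may resume */
    }
}

/* Runs a mock event loop and returns how many response bytes were still unsent
 * when the read handler was first allowed to run (gate=0 disables the gate). */
size_t pending_at_first_read(size_t file, size_t cap, size_t chunk, int gate) {
    struct conn c = { 0, file, 0 };
    if (chunk > cap) chunk = cap;  /* keep every chunk writable once the buffer drains */
    for (;;) {
        c.room = cap;              /* the peer drained the socket buffer */
        on_writable(&c, chunk);
        if (!gate || !c.read_blocked)
            return c.left;         /* the read handler would run here */
    }
}

int main(void) {
    printf("gated:   %zu bytes pending\n", pending_at_first_read(10000, 4096, 1024, 1));
    printf("ungated: %zu bytes pending\n", pending_at_first_read(10000, 4096, 1024, 0));
    return 0;
}
```

With the gate on, the read is deferred until the whole file has been written, which is the behaviour the thread reports for static content; with it off, the read runs while part of the response is still pending.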