Matt Caswell <m...@openssl.org> 于2018年9月12日周三 下午4:16写道:
> > > On 12/09/18 08:07, John Jiang wrote: > > I just build OpenSSL 1.1.1 on MacOSX. > > Tried 0-RTT, and the commands like the followings, > > openssl s_server -cert server.cer -key server.key -tls1_3 -early_data > > -accept 9443 > > ... > > openssl s_client -CAfile ca.cer -tls1_3 -sess_in openssl.sess > > -early_data data -connect localhost:9443 > > > > s_client reported > > New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 > > The "New" here means that the resumption attempt failed. Successful > resumption is a pre-requisite for early data. How did you create > "openssl.sess"? > openssl s_client -CAfile ca.cer -tls1_3 -sess_out openssl.sess -connect localhost:9443 I just re-tried my test case. Re-started s_server and did two connection. The second connection reported: Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 256 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was rejected Verify return code: 0 (ok) It looks the session was resumed, but early data still was rejected. > Matt > > > > ... > > Early data was rejected > > Verify return code: 0 (ok) > > > > What's wrong with my testing? > > > > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
