On Wed, Jan 09, 2019 at 04:21:03PM +0100, Olivier Houchard wrote:
> Can you push the attached patches ?
Sure, now done, thanks!
Willy
Hi Willy,
On Tue, Jan 08, 2019 at 03:44:07PM +0100, Willy Tarreau wrote:
> On Tue, Jan 08, 2019 at 03:27:58PM +0100, Olivier Houchard wrote:
> > On Tue, Jan 08, 2019 at 03:00:32PM +0100, Janusz Dziemidowicz wrote:
> > > pt., 4 sty 2019 o 11:59 Olivier Houchard
> > > napisa??(a):
> > > However,
On Tue, Jan 08, 2019 at 03:27:58PM +0100, Olivier Houchard wrote:
> On Tue, Jan 08, 2019 at 03:00:32PM +0100, Janusz Dziemidowicz wrote:
> > pt., 4 sty 2019 o 11:59 Olivier Houchard
> > napisa??(a):
> > However, I believe in general this is a bit more complicated. RFC 8446
> > described this in
On Tue, Jan 08, 2019 at 03:00:32PM +0100, Janusz Dziemidowicz wrote:
> pt., 4 sty 2019 o 11:59 Olivier Houchard napisa??(a):
> > I understand the concern.
> > I checked and both nghttp2 and nginx disable the replay protection. The idea
> > is you're supposed to allow early data only on harmless
pt., 4 sty 2019 o 11:59 Olivier Houchard napisał(a):
> I understand the concern.
> I checked and both nghttp2 and nginx disable the replay protection. The idea
> is you're supposed to allow early data only on harmless requests anyway, ie
> ones that could be replayed with no consequence.
Sorry
Hi Janusz,
On Fri, Jan 04, 2019 at 10:53:51AM +0100, Janusz Dziemidowicz wrote:
> czw., 3 sty 2019 o 17:52 Olivier Houchard napisa??(a):
> > Ah I think I figured it out.
> > OpenSSL added anti-replay protection when using early data, and it messes up
> > with the session handling.
> > With the
czw., 3 sty 2019 o 17:52 Olivier Houchard napisał(a):
> Ah I think I figured it out.
> OpenSSL added anti-replay protection when using early data, and it messes up
> with the session handling.
> With the updated attached patch, I get early data to work again. Is it better
> for you ?
Now it
Hi Janusz,
On Thu, Jan 03, 2019 at 11:49:35AM +0100, Janusz Dziemidowicz wrote:
> ??r., 2 sty 2019 o 19:04 Olivier Houchard napisa??(a):
> > You're right indeed. 0RTT was added with a development version of OpenSSL
> > 1.1.1,
> > which had a default value for max early data of 16384, but it was
śr., 2 sty 2019 o 19:04 Olivier Houchard napisał(a):
> You're right indeed. 0RTT was added with a development version of OpenSSL
> 1.1.1,
> which had a default value for max early data of 16384, but it was changed to
> 0 in the meanwhile.
> Does the attached patch work for you ?
This indeed
Hi Janusz,
On Sun, Dec 30, 2018 at 05:38:26PM +0100, Janusz Dziemidowicz wrote:
> Hi,
> I've been trying to get 0-RTT resumption working with haproxy 1.8.16
> and OpenSSL 1.1.1a.
> No matter what I put in configuration file, testing with openssl
> s_client always results in:
> Max Early Data:
Hi,
I've been trying to get 0-RTT resumption working with haproxy 1.8.16
and OpenSSL 1.1.1a.
No matter what I put in configuration file, testing with openssl
s_client always results in:
Max Early Data: 0
OK, let's look at ssl_sock.c
The only thing that seems to try to enable 0-RTT is this:
11 matches
Mail list logo
