Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-31 Thread Willy Tarreau
On Tue, Oct 31, 2017 at 01:35:16PM +0100, Olivier Houchard wrote: > The attached patch removes the global ssl-allow-0rtt option. Merged, thanks! Willy

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-31 Thread Olivier Houchard
On Fri, Oct 27, 2017 at 03:54:27PM +0200, Emmanuel Hocdet wrote: > > > On 27 Oct. 2017 at 15:02, Olivier Houchard wrote: > > > > The attached patch does use the ssl_conf, instead of abusing ssl_options. > > I also added a new field in global_ssl, I wasn't so sure about

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Willy Tarreau
On Fri, Oct 27, 2017 at 03:54:27PM +0200, Emmanuel Hocdet wrote: > > On 27 Oct. 2017 at 15:02, Olivier Houchard wrote: > > > > The attached patch does use the ssl_conf, instead of abusing ssl_options. > > I also added a new field in global_ssl, I wasn't so sure about

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Emmanuel Hocdet
> On 27 Oct. 2017 at 15:02, Olivier Houchard wrote: > > The attached patch does use the ssl_conf, instead of abusing ssl_options. > I also added a new field in global_ssl, I wasn't so sure about this, but > decided people may want to enable 0RTT globally. > > Emmanuel,

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Olivier Houchard
Hi, On Fri, Oct 27, 2017 at 12:45:36PM +0200, Olivier Houchard wrote: > On Fri, Oct 27, 2017 at 12:36:31PM +0200, Emmanuel Hocdet wrote: > > > > > On 27 Oct. 2017 at 11:22, Emmanuel Hocdet wrote: > > > > > > Hi Olivier > > > > > >> On 27 Oct. 2017 at 01:08, Olivier

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Olivier Houchard
On Fri, Oct 27, 2017 at 12:36:31PM +0200, Emmanuel Hocdet wrote: > > > On 27 Oct. 2017 at 11:22, Emmanuel Hocdet wrote: > > > > Hi Olivier > > > >> On 27 Oct. 2017 at 01:08, Olivier Houchard > >> wrote: > >> > >> Hi, > >> > >> You'll find

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Olivier Houchard
On Fri, Oct 27, 2017 at 11:22:15AM +0200, Emmanuel Hocdet wrote: > Hi Olivier > > > On 27 Oct. 2017 at 01:08, Olivier Houchard wrote > > : > > > > Hi, > > > > You'll find attached updated patches, rebased on the latest master, and on > > top of Emmanuel's latest

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Emmanuel Hocdet
> On 27 Oct. 2017 at 11:22, Emmanuel Hocdet wrote: > > Hi Olivier > >> On 27 Oct. 2017 at 01:08, Olivier Houchard wrote: >> >> Hi, >> >> You'll find attached updated patches, rebased on the latest master, and on >> top of Emmanuel's latest patches

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Emmanuel Hocdet
Hi Olivier > On 27 Oct. 2017 at 01:08, Olivier Houchard wrote: > > Hi, > > You'll find attached updated patches, rebased on the latest master, and on > top of Emmanuel's latest patches (also attached for reference). > This version allows to enable 0RTT per SNI. > It

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-27 Thread Willy Tarreau
Hi Olivier, On Fri, Oct 27, 2017 at 01:08:05AM +0200, Olivier Houchard wrote: > Hi, > > You'll find attached updated patches, rebased on the latest master, and on > top of Emmanuel's latest patches (also attached for reference). > This version allows to enable 0RTT per SNI. > It unfortunately

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-26 Thread Olivier Houchard
Hi, You'll find attached updated patches, rebased on the latest master, and on top of Emmanuel's latest patches (also attached for reference). This version allows to enable 0RTT per SNI. It unfortunately still can't send early data to servers, this may or may not happen later. Regards, Olivier

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-03 Thread Emmanuel Hocdet
Hi Olivier, Great to see a version of more ‘secure’ 0-RTT implementation. > On 2 Oct. 2017 at 17:18, Olivier Houchard wrote: > > Hi, > > The attached patches add experimental support for 0-RTT with OpenSSL 1.1.1 > They are based on Emmanuel's previous patches, so I'm

Re: [PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-02 Thread Olivier Houchard
Hi Igor, On Tue, Oct 03, 2017 at 12:06:05AM +0800, Igor Pav wrote: > It's exciting, does server line (client side) support 0-rtt? > Unfortunately, it does not yet. I'm investigating adding it. Regards, Olivier > On Mon, Oct 2, 2017 at 11:18 PM, Olivier Houchard >

[PATCHES][ssl] Add 0-RTT support with OpenSSL 1.1.1

2017-10-02 Thread Olivier Houchard
Hi, The attached patches add experimental support for 0-RTT with OpenSSL 1.1.1. They are based on Emmanuel's previous patches, so I'm submitting them again, updated to reflect the changes in OpenSSL API, and with a few fixes. To allow the use of early data, one has to explicitly add "allow-0rtt"