Re: [openssl-users] session resumption tls1.2/tls1.3

2017-08-01 Thread Neetish Pathak
On Tue, Aug 1, 2017 at 10:46 AM, Neetish Pathak wrote: > > > On Mon, Jul 31, 2017 at 2:00 PM, Matt Caswell wrote: > >> >> >> On 31/07/17 20:37, Neetish Pathak wrote: >> > On 26/07/17 00:05, Neetish Pathak wrote: >> > >> *Pseudocode for server* >>

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-08-01 Thread Neetish Pathak
On Mon, Jul 31, 2017 at 2:00 PM, Matt Caswell wrote: > > > On 31/07/17 20:37, Neetish Pathak wrote: > > On 26/07/17 00:05, Neetish Pathak wrote: > > >> *Pseudocode for server* > > >> * > > >> * > > >> tcp_accept > > >> * > > >>

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-31 Thread Matt Caswell
On 31/07/17 20:37, Neetish Pathak wrote: > On 26/07/17 00:05, Neetish Pathak wrote: > >> *Pseudocode for server* > >> * > >> * > >> tcp_accept > >> * > >> * > >> read_early{ > >> > >> if(read_early_success){ > >>

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-31 Thread Neetish Pathak
On Mon, Jul 31, 2017 at 9:43 AM, Matt Caswell wrote: > Apologies for the delayed response - I've been away on holiday. Comments > inserted below. > No problem, thanks for the replies > > Matt > > > On 26/07/17 00:05, Neetish Pathak wrote: > >> *Pseudocode for server* > >>

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-31 Thread Matt Caswell
On 31/07/17 17:43, Matt Caswell wrote: > It could be the NewSessionTicket message going from the server to the > client. But if so that is a little strange. The NST message is only sent > after the handshake is complete (so no more early data is possible). At > this point SSL_read_early_data()

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-31 Thread Matt Caswell
Apologies for the delayed response - I've been away on holiday. Comments inserted below. Matt On 26/07/17 00:05, Neetish Pathak wrote: >> *Pseudocode for server* >> * >> * >> tcp_accept >> * >> * >> read_early{ >> >> if(read_early_success){ >>

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-27 Thread Benjamin Kaduk via openssl-users
On 07/25/2017 06:05 PM, Neetish Pathak wrote: > > > Please provide any comments if you have or how I should go about > debugging it. Correct me if I am doing it wrong > I don't really have any good suggestions for debugging it. It might be interesting to run in a debugger and collect full

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-25 Thread Neetish Pathak
Thanks, Ben, for your reply. On Tue, Jul 25, 2017 at 6:11 AM, Benjamin Kaduk wrote: > [Matt's reply is likely to be high latency] > > > On 07/24/2017 08:53 PM, Neetish Pathak wrote: > > > > On Wed, Jul 19, 2017 at 2:27 AM, Matt Caswell wrote: > >> >> >> On

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-25 Thread Benjamin Kaduk via openssl-users
[Matt's reply is likely to be high latency] On 07/24/2017 08:53 PM, Neetish Pathak wrote: > > > On Wed, Jul 19, 2017 at 2:27 AM, Matt Caswell > wrote: > > > > On 18/07/17 22:27, Neetish Pathak wrote: > > Hi, > > thanks Matt, this is

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-24 Thread Neetish Pathak
On Wed, Jul 19, 2017 at 2:27 AM, Matt Caswell wrote: > > > On 18/07/17 22:27, Neetish Pathak wrote: > > Hi, > > thanks Matt, this is helpful > > > > > > One more query on how I can enable 0.5 RTT data from the server side. It > > is mentioned in TLS 1.3 specification. I

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-21 Thread Neetish Pathak
Thanks everyone for clarification on previous queries. 1) I had a general query regarding the handshake resumptions. Since during the session resumption handshake in either TLS 1.2 or TLS 1.3 the key exchange does not take place, the client side and the server side both resume based on a

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-19 Thread Matt Caswell
On 18/07/17 22:27, Neetish Pathak wrote: > Hi, > thanks Matt, this is helpful > > > One more query on how I can enable 0.5 RTT data from the server side. It > is mentioned in TLS 1.3 specification. I thought it can be implemented > by sending early data from server side after reading the

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-18 Thread Viktor Dukhovni
On Mon, Jul 17, 2017 at 09:54:39AM +0100, Matt Caswell wrote: > In the default case a server will just use the > internal session cache. You can populate that cache manually using > SSL_CTX_add_session(). So if you have a set of pre-existing SSL_SESSION > objects (perhaps

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-18 Thread Neetish Pathak
On Mon, Jul 17, 2017 at 1:54 AM, Matt Caswell wrote: > > > On 14/07/17 20:18, Neetish Pathak wrote: > > > > > > On Fri, Jul 14, 2017 at 2:54 AM, Matt Caswell > > wrote: > > > > > > > > On 13/07/17 23:52, Neetish Pathak wrote: > >

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-17 Thread Matt Caswell
On 14/07/17 20:18, Neetish Pathak wrote: > > > On Fri, Jul 14, 2017 at 2:54 AM, Matt Caswell > wrote: > > > > On 13/07/17 23:52, Neetish Pathak wrote: > > Hi All, > > Help with these queries please, > > > > 1) Is it possible

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-14 Thread Neetish Pathak
On Fri, Jul 14, 2017 at 2:54 AM, Matt Caswell wrote: > > > On 13/07/17 23:52, Neetish Pathak wrote: > > Hi All, > > Help with these queries please, > > > > 1) Is it possible to use external session files (with session info as > > identifiers or tickets for out of band

Re: [openssl-users] session resumption tls1.2/tls1.3

2017-07-14 Thread Matt Caswell
On 13/07/17 23:52, Neetish Pathak wrote: > Hi All, > Help with these queries please, > > 1) Is it possible to use external session files (with session info as > identifiers or tickets for out of band resumption) for session > resumption in TLS 1.2. Does it need some kind of callback like the