On Wed, Apr 26, 2017 at 10:00:19PM +1000, Martin Thomson wrote:
> On 26 April 2017 at 17:19, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> > AFAIK, the only situations where client can abort sending 0-RTT data
> > is noticing lack of server EarlyData extension (so server isn't
> > listening anyway), or if the entire handshake is aborted. Doing it
> > in other situations leads to subtle race conditions.
>
> NSS stops sending 0-RTT as soon as it processes EncryptedExtensions.
> It also stops if it receives a HelloRetryRequest. In both cases you
> know that the server is trial decrypting and so it will correctly
> handle more 0-RTT data, but there is no point sending more if you know
> that it is junk.

Oh yeah, there is also HelloRetryRequest that aborts 0-RTT data.

But stopping on receiving EncryptedExtensions with EarlyData extension
is racy.

-Ilari

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls