hannestschofenig / mbedtls

An open source, portable, easy to use, readable and flexible SSL library
https://tls.mbed.org
Apache License 2.0

[0-RTT] [RFC] Reuse mbedtls_ssl_write() for sending early data #368

Closed zhihan closed 2 years ago

zhihan commented 3 years ago

This PR changes the API for sending early data on the client side. It deprecates the mbedtls_ssl_set_early_data() method and reuses the mbedtls_ssl_write() method for sending early data. An alternative design is in #369.

Changes proposed

  1. Add an error code MBEDTLS_ERR_SSL_HANDSHAKE_EARLY_RETURN for early return. Handshake returns with this error indicating the user can start sending early data. Calling mbedtls_ssl_handshake() again will continue the handshake. This pattern is similar to the handling of NewSessionTicket.
  2. Rename MBEDTLS_SSL_EARLY_DATA_ON|OFF to MBEDTLS_SSL_EARLY_DATA_STATE_DISABLED|ON|OFF, as these values represent the state of the client rather than a configuration. When early data is enabled, the early_data state is initially ON; it will be turned to OFF if early data is rejected, an HRR is received, or max_early_data is reached (to add).

Status

DRAFT, solicit early feedback on design.

Requires Backporting

NO

Migrations

Additional comments

Any additional information that could be of interest

Todos

Steps to test or reproduce

Outline the steps to test or reproduce the PR here.

Start openssl server using

/usr/local/opt/openssl/bin/openssl s_server -key server5.key -cert server5.crt -accept 1234 -early_data -state

Then try

./ssl_client2 server_name=localhost server_port=1234 auth_mode=none reconnect=1 early_data=1 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384  key_share_named_groups=secp384r1
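
The call pattern from item 1 and the state transitions from item 2, as an added example that is not part of the PR or of mbedtls: a self-contained C model in which `model_handshake()` and `model_write()` stand in for `mbedtls_ssl_handshake()` and `mbedtls_ssl_write()`. All function and type names, the error-code values and the `server_reply` parameter are hypothetical.

```c
#include <stddef.h>
/* State names follow the PR text; the rest is a hypothetical model, not mbedtls. */
enum ed_state { ED_STATE_DISABLED, ED_STATE_ON, ED_STATE_OFF };
enum hs_event { EV_ACCEPTED, EV_EARLY_DATA_REJECTED, EV_HRR_RECEIVED };
#define ERR_HANDSHAKE_EARLY_RETURN (-1) /* placeholder value, not mbedtls's */
#define ERR_HANDSHAKE_NOT_DONE     (-2) /* hypothetical */
struct client {
    enum ed_state state;
    int hs_step;                /* 0 = not started, 1 = ClientHello sent, 2 = done */
    size_t max_early_data, early_sent, app_sent;
};

void client_init(struct client *c, int early_enabled, size_t max_early_data) {
    *c = (struct client){ .max_early_data = max_early_data };
    c->state = (early_enabled && max_early_data > 0) ? ED_STATE_ON : ED_STATE_DISABLED;
}

/* Models mbedtls_ssl_handshake(): returns early once if early data may be sent. */
int model_handshake(struct client *c, enum hs_event server_reply) {
    if (c->hs_step == 0) {
        c->hs_step = 1;
        if (c->state == ED_STATE_ON) return ERR_HANDSHAKE_EARLY_RETURN;
    }
    /* Early data rejected or HRR received: the ON state is turned OFF. */
    if (server_reply != EV_ACCEPTED && c->state == ED_STATE_ON) c->state = ED_STATE_OFF;
    c->hs_step = 2;
    return 0;
}

/* Models mbedtls_ssl_write(): early data before completion, app data after. */
int model_write(struct client *c, size_t len, int *was_early) {
    *was_early = 0;
    if (c->hs_step == 2) { c->app_sent += len; return (int) len; }
    if (c->hs_step == 0 || c->state != ED_STATE_ON) return ERR_HANDSHAKE_NOT_DONE;
    size_t room = c->max_early_data - c->early_sent;
    if (len > room) len = room;             /* partial write at the limit */
    c->early_sent += len;
    if (c->early_sent == c->max_early_data) c->state = ED_STATE_OFF;
    *was_early = 1;
    return (int) len;
}

/* Caller pattern from item 1; returns the bytes that went out as early data. */
size_t early_then_finish(struct client *c, size_t len, enum hs_event server_reply) {
    int early = 0;
    if (model_handshake(c, server_reply) == ERR_HANDSHAKE_EARLY_RETURN)
        model_write(c, len, &early);        /* the user may send early data now */
    model_handshake(c, server_reply);       /* call again to continue the handshake */
    return c->early_sent;
}
```
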

zhihan commented 3 years ago

Superseded by #369 after sync meeting.