nabla-c0d3 / nassl

Experimental OpenSSL wrapper for Python 3.8+ and SSLyze.
GNU Affero General Public License v3.0

Add support for TLS 1.3 early data #23

Closed moyaldror closed 6 years ago

moyaldror commented 6 years ago

Can we add early data support? It can also be useful in sslyze to test server support and maybe vulnerabilities to replay or DoS attacks.

I don't mind taking it. Thanks

nabla-c0d3 commented 6 years ago

Sure - do you have any documentation on how it works?

moyaldror commented 6 years ago

TLSv1.3 draft #22 HTTP Servers support draft OpenSSL wiki

I also have a summary of how it works (did it at work) that I can add.

moyaldror commented 6 years ago

Using draft18 I'm having lots of issues, but with draft22 it looks like everything is working properly. Do you wish to wait until there is a final version, or do you want me to update modern-openssl to draft22?

nabla-c0d3 commented 6 years ago

It's fine to update OpenSSL to draft22 - thanks!

moyaldror commented 6 years ago

I updated OpenSSL locally and it all works great. How can I update it on master? Do I need to create all possible libcrypto and libssl builds for all distros?

I will create a commit on my branch now, push my changes and wait for your explanation :) Once I finish it all I will create a PR

nabla-c0d3 commented 6 years ago

Awesome, thanks :)! You do not need to build all the libraries or put them in the PR - I can do it easily if you tell me exactly which version of OpenSSL to use as the « modern » one. If you decide to put them in the PR, be careful as they are stored via git lfs. Thanks!!

nabla-c0d3 commented 6 years ago

The unit test is crashing the interpreter with a segfault on macOS. Feel free to take a look if you have time, but this is mainly a reminder for me, for when I start looking into this functionality.

moyaldror commented 6 years ago

I will try to put my hands on an apple device to try and test it :)

konklone commented 6 years ago

(Looks like this was resolved by #26 and can be closed.)

moyaldror commented 6 years ago

So it was magically resolved? :O

konklone commented 6 years ago

Sorry, I was just referring to the issue title -- not the segfault discussed later in the thread.

nabla-c0d3 commented 6 years ago

@moyaldror I have everything working except for one last failing test ( https://travis-ci.org/nabla-c0d3/nassl/jobs/390264992 ). The early data status returned after sending early data to s_server is REJECTED instead of ACCEPTED. Any idea on why this is happening? Thanks!

moyaldror commented 6 years ago

@nabla-c0d3 OpenSSL didn't implement early_data support on s_server when using HTTP logic (using flags like -WWW, -www or -HTTP). You need to remove the -HTTP flag and the status will be ACCEPTED :)

nabla-c0d3 commented 6 years ago

@moyaldror that helped a lot =). Looks like all the early tests are passing even on macOS (no more segfault).

moyaldror commented 6 years ago

Great!!! So this issue can be closed? BTW - there are tons of new features in TLSv1.3; if you want me to create a list of new features that might be useful to add, I will be happy to do it :)

nabla-c0d3 commented 6 years ago

Yeah actually I'll close it now 👍. A list of features would be great - Thanks!