Closed moyaldror closed 6 years ago
Sure - do you have any documentation on how it works?
TLSv1.3 draft #22 HTTP Servers support draft OpenSSL wiki
I also have a summary of how it works (did it at work) that i can add.
Using darft18 I'm having lots of issues but with draft22 looks like everything is working properly. Do you wish to wait until there will be a final version or do you want me to update the modern-openssl to draft22?
It's fine to update OpenSSL to draft22 - thanks!
I updated OpenSSL locally and it all works great. How can I update it on master? I need to create all possible libcrypto and libssl for all distros?
I will create a commit on my branch now, will push my changes and wait for you explanation :) Once i will finish it all i will create a PR
Awesome Thanks :) ! You do not need to build all the libraries or put them in the PR - i can do it easily if you tell me exactly which version of OpenSSL to use as the « modern » one. If you decide to put them in the PR, be careful as they are stored via git lfs. Thanks!!
The unit test is crashing the interpreter with a segfault on macOS. Feel free to take a look if you have time, but this is mainly a reminder for me, for when I start looking into this functionality.
I will try to put my hands on an apple device to try and test it :)
(Looks like this was resolved by #26 and can be closed.)
So it was magically resolved? :O
Sorry, I was just referring to the issue title -- not the segfault discussed later in the thread.
@moyaldror I have everything working except for one last failing test ( https://travis-ci.org/nabla-c0d3/nassl/jobs/390264992 ). The early data status returned after sending early data to s_server is REJECTED
instead of ACCEPTED
. Any idea on why this is happening?
Thanks!
@nabla-c0d3 OpenSSL didn't implement early_data support on s_server when using HTTP logic(using flags like -WWW, -www or -HTTP). You need to remove the -HTTP flag and the status will be ACCEPTED :)
@moyaldror that helped a lot =). Looks like all the early tests are passing even on macOS (no more segfault).
Great!!! so this issue can be closed? BTW - there are tons of new features in TLSv1.3 if you want me to create a list of newly features that might be useful to add i will be happy to do it :)
Yeah actually I'll close it now 👍 , A list of features would be great - Thansk!
Can we add early data support? It can be useful also in sslyze to test servers support and maybe vunrabilities to reply or DoS attacks.
I dont mind to take it. Thanks