Closed muelli closed 5 years ago
Hi muelli,
I believe Early data requires Pre-Shared-Keys (PSK) or Session Tickets. Our engineer Sean (@SparkiDev) will follow up with further details.
AC_MSG_ERROR([cannot enable earlydata without enabling session tickets and/or PSK.])
Did you try using the -0 option to enable early data with the example client?
An interesting blog post we did regarding TLS v1.3 early data: https://www.wolfssl.com/use-0-rtt-rope-climb-without-hanging/
Thanks, David Garske, wolfSSL
Hi muelli,
I believe that the 'sniffer' configuration item is causing issues. This option is not supported with TLS 1.3 at this time.
Sean Parkinson, wolfSSL
Hi Sean,
configuring without the sniffer doesn't help. Configuring without the early data helps, though.
But I don't think it should fail when the server and the client are run with -r for resume and -0.
In any case, some form of message about incompatibility would be nice rather than just failing.
Hi muelli,
I'm really confused with this. I have tried your exact configuration line without --enable-sniffer and the server and client work. Can you try again with the latest master?
Sean Parkinson, wolfSSL
> I have tried your exact configuration line without --enable-sniffer and the server and client work. Can you try again with the latest master?
I can confirm that this works. I cannot reproduce what I described in my previous comment https://github.com/wolfSSL/wolfssl/issues/1858#issuecomment-426203828. I guess I was wrong.
Thanks muelli for taking the time to report your issue. For me, the sniffer configuration option caused the problem that you reported.
Please don't hesitate to report any issues you find in the future.
Sean Parkinson, wolfSSL
So is it not a bug that you compile wolfssl s.t. the examples don't work?
It is not a bug that the --enable-sniffer doesn't work. This is a feature not implemented.
The sniffer code processes handshake messages. The TLS 1.3 messages are not supported at this time. This is a feature that can be requested but not a bug.
My apologies for not seeing the title change of the issue.
Sean Parkinson, wolfSSL
I've tried to use the example client and server for establishing a TLS1.3 connection.
Here is my log:
With a bit of debugging, it turns out to error out in src/internal.c with BAD_KEY_SHARE_DATA:
I expected to be able to establish a TLS 1.3 connection with the provided client and server.