Hello, I am using OpenSSL s_client to send early data during resumption over a TLS1.3 connection. However, the server rejects it as shown below.
Reused, TLSv1.3, Cipher is TLS13-AES-128-GCM-SHA256 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated *Early data was rejected* SSL-Session: Protocol : TLSv1.3 Cipher : TLS13-AES-128-GCM-SHA256 Is there any way to accept early data on the server? I am using a basic server config: worker_processes 1; > events {worker_connections 1024; > } > http { > include mime.types; > default_type application/octet-stream; > sendfile on; > keepalive_timeout 10m; > server { > listen 127.0.0.1:443; > ssl on; > ssl_prefer_server_ciphers on; > ssl_protocols TLSv1.3; > ssl_ciphers TLS13-AES-128-GCM-SHA256; > #ssl_ecdh_curve secp384r1:X25519; > ssl_certificate /usr/local/nginx/certs/nginx-selfsigned.crt; > ssl_certificate_key /usr/local/nginx/certs/nginx-selfsigned.key; > # ssl_dhparam /usr/local/nginx/ssl/certs/dhparam.pem; > ssl_session_tickets on; > ssl_session_cache shared:SSL:10m; > ssl_session_timeout 10m; > keepalive_timeout 7200s; > location / {root html; > index index.html index.htm; > } > } > } Cheers, Utkarsh ᐧ
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel