Hello, how was that found ? is there some compliance (automated) test ?
пт, 9 авг. 2024 г. в 18:57, Sergey Kandaurov <pluk...@nginx.com>: > details: https://hg.nginx.org/nginx/rev/906a42885ce2 > branches: > changeset: 9273:906a42885ce2 > user: Sergey Kandaurov <pluk...@nginx.com> > date: Fri Aug 09 19:12:25 2024 +0400 > description: > QUIC: discarding 0-RTT keys. > > For simplicity, this is done on successful decryption of a 1-RTT packet. > > diffstat: > > src/event/quic/ngx_event_quic.c | 10 ++++++++++ > 1 files changed, 10 insertions(+), 0 deletions(-) > > diffs (20 lines): > > diff -r 6392cb0d83e8 -r 906a42885ce2 src/event/quic/ngx_event_quic.c > --- a/src/event/quic/ngx_event_quic.c Fri Aug 09 19:12:23 2024 +0400 > +++ b/src/event/quic/ngx_event_quic.c Fri Aug 09 19:12:25 2024 +0400 > @@ -1022,6 +1022,16 @@ ngx_quic_handle_payload(ngx_connection_t > } > } > > + if (pkt->level == ssl_encryption_application) { > + /* > + * RFC 9001, 4.9.3. Discarding 0-RTT Keys > + * > + * After receiving a 1-RTT packet, servers MUST discard > + * 0-RTT keys within a short time > + */ > + ngx_quic_discard_ctx(c, ssl_encryption_early_data); > + } > + > if (qc->closing) { > /* > * RFC 9000, 10.2. Immediate Close > _______________________________________________ > nginx-devel mailing list > nginx-devel@nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx-devel >
_______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
