From 6b78af837d7b5b75b7c22a5fa39bf50ed727d904 Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Tue, 9 Sep 2025 15:34:32 +0200 Subject: [PATCH] BUG/MEDIUM: ssl: create the mux immediately on early data If we received early data, and an ALPN has been negociated, then immediately try to create a mux if we did not have one already. Generally, at this point we would not have one, as the mux is decided by the ALPN, however at this point, even if the handshake is not done yet, we have enough to determine the ALPN, so we can immediately create the mux. Doing so makes up able to treat the request immediately, without waiting for the handshake to be done. This should be backported up to 2.8. --- src/ssl_sock.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index e0b5b9eee..8d6e5b000 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -5608,9 +5608,22 @@ static int ssl_sock_handshake(struct connection *conn, unsigned int flag) goto check_error; } if (read_data > 0) { + const char *alpn; + int len; + TRACE_DEVEL("Early data read", SSL_EV_CONN_HNDSHK, conn, ctx->ssl); conn->flags |= CO_FL_EARLY_DATA; b_add(&ctx->early_buf, read_data); + if (ssl_sock_get_alpn(conn, ctx, &alpn, &len) != 0) { + /* + * We have an ALPN set already, so we + * know which mux to use, and we have + * early data, let's create the mux + * now. + */ + if (!conn->mux) + conn_create_mux(conn, NULL); + } } if (ret == SSL_READ_EARLY_DATA_FINISH) { conn->flags &= ~CO_FL_EARLY_SSL_HS;