MINOR: quic: Enable TLS 0-RTT if needed

Enable 0-RTT at the TLS context level:
    RFC 9001 4.6.1. Enabling 0-RTT
    Accordingly, the max_early_data_size parameter is repurposed to hold a
    sentinel value 0xffffffff to indicate that the server is willing to accept
    QUIC 0-RTT data.
At the SSL connection level, we must call SSL_set_quic_early_data_enabled().
Frédéric Lécaille 2021-12-14 19:23:43 +01:00 committed by Amaury Denoyelle
parent 0371cd54d0
commit ad3c07ae81


@ -1184,7 +1184,7 @@ int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
if (bind_conf->ssl_conf.early_data) {
SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
SSL_CTX_set_max_early_data(ctx, 0xffffffff);
}
SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
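Review bot: The bare literal `0xffffffff` in the new `SSL_CTX_set_max_early_data()` call reads as a byte limit, while the commit message says it is the RFC 9001 4.6.1 sentinel meaning "this server accepts QUIC 0-RTT"; that rationale should live at the call site, e.g. `/* RFC 9001 4.6.1: 0xffffffff is a sentinel meaning "0-RTT accepted", not a byte limit; QUIC flow control bounds early data instead */`. Worth noting in the same comment that the preceding context line already sets `SSL_OP_NO_ANTI_REPLAY`, so after this change neither OpenSSL's replay filter nor a TLS-level size cap applies to early data, and the mitigation RFC 9001 9.2 asks for (rejecting or deferring non-idempotent requests received in 0-RTT) has to be provided by the HTTP layer; whether that is already in place cannot be seen from this hunk. ssl_quic_initial_ctx() starts and ends outside the hunk.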
@ -5075,6 +5075,10 @@ static int qc_conn_init(struct connection *conn, void **xprt_ctx)
qc->enc_params, qc->enc_params_len) == -1)
goto err;
/* Enabling 0-RTT */
if (bc->ssl_conf.early_data)
SSL_set_quic_early_data_enabled(ctx->ssl, 1);
SSL_set_accept_state(ctx->ssl);
}