61 Early data can be sent if a session has previously been established with the
62 server or when establishing a new session using an out-of-band PSK, and only
73 When a server receives early data it may opt to immediately respond by sending
84 determine if a session established with a server can be used to send early data.
89 data bytes that can be sent for a session. This would typically be used when
90 creating a PSK session file (see L<SSL_CTX_set_psk_use_session_callback(3)>). If
91 using a ticket based PSK then this is set automatically to the value provided by
101 When called by a client, SSL_write_early_data() must be the first IO function
102 called on a new connection, i.e. it must occur before any calls to
115 complete the handshake by calling a function such as L<SSL_connect(3)> or
116 L<SSL_do_handshake(3)>. Alternatively you can call a standard write function
127 A server uses the SSL_read_early_data() function to receive early data on a
131 called on a connection, i.e. it must occur before any calls to
145 same way as a 0 return value from L<SSL_read_ex(3)>.
150 the same way as a 1 return value from L<SSL_read_ex(3)>. You should continue to
175 still needs to be completed. Complete the connection by calling a function such
176 as L<SSL_accept(3)> or L<SSL_do_handshake(3)>. Alternatively you can call a
185 connection immediately without further need to call a function such as
186 L<SSL_accept(3)>. This can happen if the client is using a protocol version less
189 L<SSL_accept(3)> anyway. Such a call will successfully return immediately with no
192 When a session is created between a server and a client the server will specify
194 connection attempt. By default the server does not accept early data; a
199 amount of early data in bytes that is permitted to be sent on a single
202 early data settings for the SSL_CTX and SSL objects respectively. Generally a
206 early data setting for a server is nonzero then replay protection is
209 If the server rejects the early data sent by a client then it will skip over
211 is controlled by the recv_max_early_data setting. If a client sends more than
221 server. If a client sends more data than this then the connection will abort.
223 The configured value for max_early_data on a server may change over time as
233 SSL_CTX_set_allow_early_data_cb() and SSL_set_allow_early_data_cb() set a
234 callback which is called at a point in the handshake immediately before a
235 decision is made to accept or reject early data. The callback is provided with a
240 protection feature will still be used even if a callback is present unless it
247 SSL_set_allow_early_data_cb() fail if called on a QUIC SSL object.
251 The whole purpose of early data is to enable a client to start sending data to
252 the server before a full round trip of network traffic has occurred. Application
254 to obtain a performant solution. For example Nagle's algorithm is commonly used
258 buffer outgoing TCP data if a TCP packet has already been sent which we have not
263 SSL_write_early_data(). If the amount of data written will exceed the size of a
268 sent until a complete round trip with the server has occurred which defeats the
276 In rare circumstances, it may be possible for a client to have a session that
277 reports a max early data value greater than 0, but where the server does not
278 support this. For example, this can occur if a server has had its configuration
279 changed to accept a lower max early data value such as by calling
280 SSL_CTX_set_recv_max_early_data(). Another example is if a server used to
282 a server will cause the connection to abort. Clients that encounter an aborted
285 establish a new transport layer connection to the server and attempt the SSL/TLS
287 retry with a lower maximum protocol version.
292 the same early data was not replayed across multiple connections. As a
294 server is configured with a nonzero max early data value. With replay
295 protection enabled sessions are forced to be single use only. If a client
296 attempts to reuse a session ticket more than once, then the second and
297 subsequent attempts will fall back to a full handshake (and any early data that
299 if a client does not send any early data.
305 whenever a session ticket is issued. When a client attempts to resume the
308 does not exist then the resumption is not allowed and a full handshake will
317 OpenSSL will lock the internal cache while a session is removed but that lock is
319 is called. This could result in a small amount of time where the session has
331 details. Applications can also set a callback to make decisions about accepting
336 SSL_write_early_data() returns 1 for success or 0 for failure. In the event of a
342 event of a failure call L<SSL_get_error(3)> to determine the correct course of
376 this file except in compliance with the License.  You can obtain a copy

Last Index update Sat Nov 16 14:06:55 UTC 2024

Dedicated to & Maintained by Room-11