Reused TLS1.3 but Early data was not sent

fablab · May 8, 2022

Hi everyone.

I wanted to use 0-RTT on my 123.09beta01 Centmin v813.

I followed the instructions on
https://community.centminmod.com/threads/nginx-announce-nginx-1-15-4.15672/page-4#post-69543

and included the following in my config
Code:
  ssl_early_data on;
  proxy_set_header Early-Data $ssl_early_data;
( not sure if iI am supposed to, but I am not seeing a early-data header)

Running the 1st command which connects and saves the session

openssl s_client -connect wptest2021.hejazultra.org:443 -sess_out session.pem
Click to expand...

seems to be working well as I received the 2 (default) Post-Handshake New Session Ticket, however each
gives me an unexpected Max Early Data: 0 ( I do not know if this is expected...)

...
Start Time: 1651954927
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
closed
Click to expand...

Running the 2nd command shows the session was reused, but no Early Data was not sent.

No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 245 bytes and written 706 bytes
Verification: OK
---
Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
Click to expand...

What am I missing ??

This is my nginx -V

nginx version: nginx/1.21.6 (070522-190117-centos7-kvm-d5acfee-br-6e975bc)
built by gcc 10.2.1 20210130 (Red Hat 10.2.1-11) (GCC)
built with OpenSSL 1.1.1o 3 May 2022
TLS SNI support enabled
configure arguments: --with-ld-opt='-Wl,-E -L/usr/local/zlib-cf/lib -L/usr/local/nginx-dep/lib -ljemalloc -Wl,-z,relro -Wl,-rpath,/usr/local/zlib-cf/lib:/usr/local/nginx-dep/lib -flto=8 -fuse-ld=gold' --with-cc-opt='-I/usr/local/zlib-cf/include -I/usr/local/nginx-dep/include -m64 -march=native -DTCP_FASTOPEN=23 -g -O3 -Wno-strict-aliasing -fstack-protector-strong -flto=8 -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wno-pointer-sign -Wimplicit-fallthrough=0 -Wno-missing-profile -Wno-implicit-function-declaration -Wno-int-conversion -Wno-unused-result -Wno-unused-result -fcode-hoisting -Wno-cast-function-type -Wno-format-extra-args -Wno-vla-parameter -Wp,-D_FORTIFY_SOURCE=2 -Wno-deprecated-declarations' --sbin-path=/usr/local/sbin/nginx --conf-path=/usr/local/nginx/conf/nginx.conf --build=070522-190117-centos7-kvm-d5acfee-br-6e975bc --with-compat --without-pcre2 --with-http_stub_status_module --with-http_secure_link_module --with-libatomic --with-http_gzip_static_module --add-dynamic-module=../ngx_brotli --add-dynamic-module=../incubator-pagespeed-ngx-1.14.33.1-RC1 --with-http_sub_module --with-http_addition_module --with-http_image_filter_module=dynamic --with-http_geoip_module --with-stream_geoip_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-stream --with-stream_ssl_module --with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.2 --add-module=../ngx_cache_purge-2.5.1 --add-dynamic-module=../ngx_devel_kit-0.3.0 --add-dynamic-module=../set-misc-nginx-module-0.32 --add-dynamic-module=../echo-nginx-module-0.62 --add-module=../redis2-nginx-module-0.15 --add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.19 --add-module=../srcache-nginx-module-0.32 --add-dynamic-module=../headers-more-nginx-module-0.33 --with-pcre-jit --with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module --with-http_v2_module --with-http_v2_hpack_enc --with-openssl=../openssl-1.1.1o --with-openssl-opt='enable-ec_nistp_64_gcc_128 enable-tls1_3 -fuse-ld=gold'
Click to expand...

eva2000 · May 8, 2022

fablab said: ↑

Running the 1st command which connects and saves the session
Click to expand...

Make sure you use Centmin Mod's openssl 1.1.1 version at /opt/openssl/bin/openssl and not system openssl version 1.0.2k at /usr/bin/openssl

i.e.
Code (Text):
/opt/openssl/bin/openssl s_client -connect http2.domain.com:443 -sess_out session.pem
and replay
Code (Text):
echo -n | /opt/openssl/bin/openssl s_client -connect http2.domain.com:443 -sess_in session.pem -early_data /tmp/https.txt

fablab · May 8, 2022

Hi George,

Thanks for the top.
Unfortunately, I have exactly the same results using /opt/openssl/bin/openssl on the server itself.

( for the record, I was testing from a separate OEL8.5 machine which has openssl 1.1.1k

dnf list openssl
Last metadata expiration check: 1:29:01 ago on Sun 08 May 2022 08:44:08 AM +03.
Installed Packages
openssl.x86_64 1:1.1.1k-6.el8_5 @ol8_baseos_latest
Click to expand...

still, you are right, I just tested on the server itself with the system 1.0.2k , the 1st connection only does TLS1.2 handshake, and the 2nd command fails as the -early_data option is unsupported)

but this is not what I was doing wrong. it must be something else
any other tip?

eva2000 · May 8, 2022

Only OpenSSL 1.1.1 supports TLSv1.3. But TLSv1.3 early data isn't something I have tested much so no idea why.

However, I just tested this myself on Centmin Mod and works fine for me

/tmp/https.txt has following content

Code (Text):

GET / HTTP/1.1
Host: domain.com:443

Nginx vhost with 2 directives added above location context for /

Code (Text):

  ssl_early_data on;
  proxy_set_header Early-Data $ssl_early_data;

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

Code (Text):

/opt/openssl/bin/openssl s_client -connect domain.com:443 -sess_out session.pem

excerpt...

---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 5F87576B119D8FC9D6E2D3497753884A5A82025DE49EA432AEE9F08C656C6A85
    Session-ID-ctx:
    Resumption PSK: 0D4D9222D9B4F7CA27A92EB730C90E83C7133C3030806EC59B0CBAF2BD7FFF3A5C1B175CF71598C74D56770CFB105BC5
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:
    0000 - 84 38 94 93 20 d3 4d b0-e6 5e 35 fc 9e 88 51 73   .8.. .M..^5...Qs
    0010 - c4 c8 e2 f5 a8 98 82 a6-f4 eb 31 b4 cb b8 6a f3   ..........1...j.
    0020 - f7 ba 2c bd 9b 5f 03 e6-49 d7 35 28 9e 10 1b 15   ..,.._..I.5(....
    0030 - ef de 92 64 e3 88 4a eb-1e 93 13 61 24 6e 60 01   ...d..J....a$n`.
    0040 - 46 a0 c5 a5 b4 c5 6e 3c-0e be 67 ff aa 93 97 f6   F.....n<..g.....
    0050 - 4c 96 8c 4d e6 97 33 a5-f1 83 86 d0 e9 d6 f6 7c   L..M..3........|
    0060 - 50 96 b8 01 6f b2 a4 d9-2c 0e 35 ac bd 5f 38 a8   P...o...,.5.._8.
    0070 - 0d 1e 1e 9f bc 54 1e 05-77 fe 4d 4a e4 ba ea 24   .....T..w.MJ...$
    0080 - d4 1e 6a 58 67 2e 41 b3-d6 de af dc 22 75 b1 b0   ..jXg.A....."u..
    0090 - df cf 18 56 29 51 bb d1-14 ff 9e d2 54 40 a8 00   ...V)Q......T@..
    00a0 - 3e 23 3f c2 b1 bb c6 be-65 bd e3 d9 68 af 5d 06   >#?.....e...h.].
    00b0 - ad b0 e6 cd 3c 69 b9 6a-e1 1a bc 34 68 09 0b cf   ....<i.j...4h...
    00c0 - f2 cf 20 f4 6b 87 0d 1e-43 a8 1d d5 07 25 7c 27   .. .k...C....%|'
    00d0 - f6 e6 44 4f 2e 95 fb f6-cf c4 15 84 7c cf 47 b1   ..DO........|.G.
    00e0 - 54 5c 8a 7c 5b 5e 2f 84-70 b4 b5 0b 79 49 bd 41   T\.|[^/.p...yI.A

    Start Time: 1651995064
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
    Max Early Data: 16384
---
read R BLOCK

with

Code (Text):

Max Early Data: 16384

replay

Code (Text):

echo -n | /opt/openssl/bin/openssl s_client -connect domain.com:443 -sess_in session.pem -early_data /tmp/https.txt

---
Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was accepted
Verify return code: 18 (self signed certificate)
---
DONE

with

Code (Text):

Early data was accepted

Tested this on Centmin Mod with CentOS 7.9 64bit same server as well as tested it on client server with Alma Linux 8.5 with OpenSSL 1.1.1

fablab · May 8, 2022

hum...
I'll try on a fresh new test vhost then.
I'll upgrade first to the 124.00stable first

Congrats on the 2 x releases ....
Thanks again George.

eva2000 said: ↑

Only OpenSSL 1.1.1 supports TLSv1.3. But TLSv1.3 early data isn't something I have tested much so no idea why.

However, I just tested this myself on Centmin Mod and works fine for me

/tmp/https.txt has following content

Code (Text):

GET / HTTP/1.1
Host: domain.com:443

Nginx vhost with 2 directives added above location context for /

Code (Text):

  ssl_early_data on;
  proxy_set_header Early-Data $ssl_early_data;

  location / {
  include /usr/local/nginx/conf/503include-only.conf;

Code (Text):

/opt/openssl/bin/openssl s_client -connect domain.com:443 -sess_out session.pem

excerpt...

---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 5F87576B119D8FC9D6E2D3497753884A5A82025DE49EA432AEE9F08C656C6A85
    Session-ID-ctx:
    Resumption PSK: 0D4D9222D9B4F7CA27A92EB730C90E83C7133C3030806EC59B0CBAF2BD7FFF3A5C1B175CF71598C74D56770CFB105BC5
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 3600 (seconds)
    TLS session ticket:
    0000 - 84 38 94 93 20 d3 4d b0-e6 5e 35 fc 9e 88 51 73   .8.. .M..^5...Qs
    0010 - c4 c8 e2 f5 a8 98 82 a6-f4 eb 31 b4 cb b8 6a f3   ..........1...j.
    0020 - f7 ba 2c bd 9b 5f 03 e6-49 d7 35 28 9e 10 1b 15   ..,.._..I.5(....
    0030 - ef de 92 64 e3 88 4a eb-1e 93 13 61 24 6e 60 01   ...d..J....a$n`.
    0040 - 46 a0 c5 a5 b4 c5 6e 3c-0e be 67 ff aa 93 97 f6   F.....n<..g.....
    0050 - 4c 96 8c 4d e6 97 33 a5-f1 83 86 d0 e9 d6 f6 7c   L..M..3........|
    0060 - 50 96 b8 01 6f b2 a4 d9-2c 0e 35 ac bd 5f 38 a8   P...o...,.5.._8.
    0070 - 0d 1e 1e 9f bc 54 1e 05-77 fe 4d 4a e4 ba ea 24   .....T..w.MJ...$
    0080 - d4 1e 6a 58 67 2e 41 b3-d6 de af dc 22 75 b1 b0   ..jXg.A....."u..
    0090 - df cf 18 56 29 51 bb d1-14 ff 9e d2 54 40 a8 00   ...V)Q......T@..
    00a0 - 3e 23 3f c2 b1 bb c6 be-65 bd e3 d9 68 af 5d 06   >#?.....e...h.].
    00b0 - ad b0 e6 cd 3c 69 b9 6a-e1 1a bc 34 68 09 0b cf   ....<i.j...4h...
    00c0 - f2 cf 20 f4 6b 87 0d 1e-43 a8 1d d5 07 25 7c 27   .. .k...C....%|'
    00d0 - f6 e6 44 4f 2e 95 fb f6-cf c4 15 84 7c cf 47 b1   ..DO........|.G.
    00e0 - 54 5c 8a 7c 5b 5e 2f 84-70 b4 b5 0b 79 49 bd 41   T\.|[^/.p...yI.A

    Start Time: 1651995064
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    Extended master secret: no
    Max Early Data: 16384
---
read R BLOCK

with

Code (Text):

Max Early Data: 16384

replay

Code (Text):

echo -n | /opt/openssl/bin/openssl s_client -connect domain.com:443 -sess_in session.pem -early_data /tmp/https.txt

---
Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was accepted
Verify return code: 18 (self signed certificate)
---
DONE

with

Code (Text):

Early data was accepted

Tested this on Centmin Mod with CentOS 7.9 64bit same server as well as tested it on client server with Alma Linux 8.5 with OpenSSL 1.1.1

Click to expand...

fablab · May 9, 2022

Great news. on a fresh vhost, Early data was accepted.
thank you all... now we only have to wait for curl and chrome to support 0-RTT [ FF already does ]

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

Reused TLS1.3 but Early data was not sent

fablab New Member

eva2000 Administrator Staff Member

fablab New Member

eva2000 Administrator Staff Member

fablab New Member

fablab New Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

Reused TLS1.3 but Early data was not sent

fablab New Member

eva2000 Administrator Staff Member

fablab New Member

eva2000 Administrator Staff Member

fablab New Member

fablab New Member

.