-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
early_data and CCM ciphersuite (openssl 3.0.5) #20377
Labels
triaged: bug
The issue/pr is/fixes a bug
Comments
vitalyk-radware
changed the title
early_data and CCM ciphersuite
early_data and CCM ciphersuite (openssl 3.0.5)
Feb 26, 2023
mattcaswell
added
triaged: bug
The issue/pr is/fixes a bug
and removed
issue: bug report
The issue was opened to report a bug
labels
Feb 27, 2023
This is an OpenSSL bug. It seems we are leaving a spurious error on the error queue in the event that early data decryption fails (which is a normal event). Investigating further... |
mattcaswell
added a commit
to mattcaswell/openssl
that referenced
this issue
Feb 27, 2023
Early data decryption is expected to fail sometimes. If it does we should not leave spurious error entries on the queue. Fixes openssl#20377
mattcaswell
added a commit
to mattcaswell/openssl
that referenced
this issue
Feb 27, 2023
Early data decryption is expected to fail sometimes. If it does we should not leave spurious error entries on the queue. Fixes openssl#20377
PR #20401 provides a fix for this for the master branch. Once I have approval for that PR, I'll create a new PR to backport the fix to 3.1/3.0 |
mattcaswell
added a commit
to mattcaswell/openssl
that referenced
this issue
Mar 2, 2023
Early data decryption is expected to fail sometimes. If it does we should not leave spurious error entries on the queue. Fixes openssl#20377
mattcaswell
added a commit
to mattcaswell/openssl
that referenced
this issue
Mar 6, 2023
Early data decryption is expected to fail sometimes. If it does we should not leave spurious error entries on the queue. Fixes openssl#20377
3.1/3.0 backport of this in #20442 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
i get an error
in the following case:
server:
client:
tmp.zip
on the second reuse of a session with early data, i get this error on server when connection is closed.
it happens only with CCM ciphers, but does not happen with GCM.
it only happens when there is early_data.
with openssl 1.1.1 it worked fine.
please help. thank you.
The text was updated successfully, but these errors were encountered: