New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Receiving ACKs for 0-RTT #3855
Comments
I think that this is true. The server can send before then, but we require that the client not install 1-RTT keys until it considers the handshake complete. |
That's not entirely true. It's the server that needs to hold back keys (namely, the 1-RTT read key) until the handshake completes. The client can use keys as soon as they become available. |
I think @martinthomson is correct in sense that the following three events happen at the same moment on the client side:
|
Martin is correct. There are two different forms of handshake completion: complete when 1rtt can be sent and received, confirmed when the peer is known to be complete. The client cannot receive 0rtt acks before installing 1rtt keys, hence before hanshake is complete. |
This was never explicit for the client as it is usually not possible. Closes #3855 in a way that perhaps was not anticipated.
However, this is not necessarily strictly true, because you might have the ACKs in 0.5RTT. Now you might say that the TLS stack reports the handshake as complete as soon as it receives Finished but that's an implementation detail
The text was updated successfully, but these errors were encountered: