TLS 1.3 client received Unexpected Eof with early data enabled #1406
Comments
For 1rtt connection, zero size data can be read indicating an eof. But for 0rtt, zero size data can't be read and Unexpected Eof was reported.
@vincentliu77 Do you observe the same problem with other 0rtt enabled TLS 1.3 servers, or just
Unfortunately, I tested on
Hi @vincentliu77, I believe that Rustls is doing the correct thing in your modified example by raising an unexpected EOF error reading the response data from the 0-RTT request that the server accepted.
The reason this works for the 1rtt connection without an error is that the server-side properly signals the intent to close by sending a TLS layer close notify warning after the HTTP response application data. Because the warning is received, the Rustls client understands the EOF it reads is expected and yields a read of 0 without error.
In this case the server does not send a close notify warning, it only sends the HTTP application layer response. Because of this when Rustls reads the EOF it can't know whether this was an expected condition, or a truncation attack. Since ab685b5 Rustls'

Here's the pcap I took, along with the exported

Remember you'll need to configure Wireshark with the included pre-master-secret file in order to view the decrypted records:

We can re-open this issue if you think my analysis is incorrect, but I believe there's nothing for us to fix on the Rustls side in this case.
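
The distinction drawn in the comment above, as an added example that is not part of the thread or Rustls' own code: a client that receives `UnexpectedEof` because the peer closed without close notify can treat the response as complete only when the application-layer framing proves it. `NoCloseNotify`, `is_complete` and `read_response` are hypothetical names, the mock reader stands in for a TLS stream, and only `Content-Length` framing is assumed.

```rust
use std::io::{self, ErrorKind, Read};

// Constructed sample response, not taken from the issue's pcap.
const FULL: &[u8] = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello";

/// Hypothetical stand-in for a TLS stream whose peer closes TCP without
/// close_notify: yields `data`, then fails with UnexpectedEof.
struct NoCloseNotify<'a> { data: &'a [u8] }

impl<'a> Read for NoCloseNotify<'a> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        if self.data.is_empty() {
            return Err(ErrorKind::UnexpectedEof.into());
        }
        let n = self.data.len().min(buf.len());
        buf[..n].copy_from_slice(&self.data[..n]);
        self.data = &self.data[n..];
        Ok(n)
    }
}

/// True only when the header block is complete and the body length equals
/// the declared Content-Length (chunked encoding is not handled here).
fn is_complete(raw: &[u8]) -> bool {
    let Some(end) = raw.windows(4).position(|w| w == b"\r\n\r\n") else { return false };
    let head = String::from_utf8_lossy(&raw[..end]);
    let declared = head.lines().skip(1).find_map(|line| {
        let (name, value) = line.split_once(':')?;
        if !name.trim().eq_ignore_ascii_case("content-length") { return None; }
        value.trim().parse::<usize>().ok()
    });
    declared == Some(raw.len() - (end + 4))
}

/// Reads to end of stream; a missing close_notify is tolerated only when
/// the application-layer framing proves nothing was cut off.
fn read_response<R: Read>(stream: &mut R) -> io::Result<Vec<u8>> {
    let mut raw = Vec::new();
    match stream.read_to_end(&mut raw) {
        Err(e) if e.kind() == ErrorKind::UnexpectedEof && is_complete(&raw) => Ok(raw),
        Err(e) => Err(e),
        Ok(_) => Ok(raw),
    }
}

fn main() {
    println!("{:?}", read_response(&mut NoCloseNotify { data: FULL }).map(|v| v.len()));
    println!("{:?}", read_response(&mut NoCloseNotify { data: &FULL[..FULL.len() - 2] }).map(|v| v.len()));
}
```

A response with no length framing, or one shorter than its declared length, still surfaces the error, which is the truncation case the comment describes.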
I use `simple_0rtt_client` with a slight modification in the example to test client zero rtt. It could set up a 0rtt connection but failed to read data from this connection and reported an unexpected eof error. (The same code works for 1rtt connection.) The code I used is below.
More specifically, I only changed the code in the example
rustls/examples/src/bin/simple_0rtt_client.rs
Lines 52 to 56 in 6bdaf04
and changed it to