Do not use pending actions without 0-RTT #380

Closed
wants to merge 2 commits into from

@ocheron ocheron commented Jul 13, 2019

This is related to #355: the PR changes the server implementation to wait for client Finished unless early data is sent and accepted. So the transition to TLS13 does not raise any security concern by default. Later a server parameter could be added to relax the constraint and get the previous behavior.

I include a refactoring of pending actions and RecvHandshake13M. A common pattern is actions needing the transcript hash up to the previous handshake message. The infrastructure can provide this service, and there is no need for postAction anymore.

Pending actions now always call processHandshake13 before executing
the action, but may use the preceding transcript hash when it is
required.  This removes the need for a postAction.

The recv state machine is modified accordingly with function
recvHandshake13hash.
Collaborator

@kazu-yamamoto kazu-yamamoto left a comment

Refactoring part is much more elegant than my approach in QUIC. :-)

kazu-yamamoto added a commit to kazu-yamamoto/hs-tls that referenced this pull request Jul 16, 2019
@kazu-yamamoto
Collaborator

Merged.

@ocheron ocheron deleted the rtt0-pa branch July 17, 2019 18:08
@ocheron
Contributor Author

ocheron commented Jul 21, 2019

This is not necessarily the end of the story. For #355 I've been playing with an encoding of pending actions as a parsing transformer sink.

```haskell
data PendingActionStep a
    = PendingActionRecv (Handshake13 -> PendingAction a)
      -- ^ simple pending action
    | PendingActionHash (ByteString -> Handshake13 -> PendingAction a)
      -- ^ pending action taking transcript hash up to preceding message
    | PendingActionDone a
      -- ^ no action is pending

newtype PendingAction a = PendingAction
    { runPendingAction :: IO (PendingActionStep a)
    }
```

With something like this I think it's possible to have the exact same monadic code run through runRecvHandshake13 immediately, or as a pending action.
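
A minimal model of the sink encoding sketched in the comment above, added here as an illustration and not code from the thread or from hs-tls: a driver feeds received messages to a `PendingAction`, and a `PendingActionHash` step receives the transcript up to the preceding message, as the PR description states. `Handshake13`, `Transcript`, `drive`, `verifyData` and `expectFinished` are simplified, hypothetical stand-ins; the real library works with a hash `ByteString` and a real Finished MAC.

```haskell
-- Added illustration, not hs-tls code. Handshake13 and the transcript "hash"
-- are simplified stand-ins (assumptions) so this builds with base alone.
import Data.IORef

data Handshake13 = Certificate13 | CertVerify13 | Finished13 String deriving Show

type Transcript = [Handshake13]  -- stand-in for the transcript hash

data PendingActionStep a
    = PendingActionRecv (Handshake13 -> PendingAction a)
    | PendingActionHash (Transcript -> Handshake13 -> PendingAction a)
    | PendingActionDone a

newtype PendingAction a = PendingAction { runPendingAction :: IO (PendingActionStep a) }

-- Feed received messages to the sink. A message joins the transcript only
-- after the value handed to PendingActionHash has been read, so the action
-- sees the hash up to the preceding message.
drive :: IORef Transcript -> [Handshake13] -> PendingAction a -> IO (Maybe a)
drive ref msgs pa = do
    step <- runPendingAction pa
    case (step, msgs) of
        (PendingActionDone a, _)    -> return (Just a)
        (_, [])                     -> return Nothing  -- still pending
        (PendingActionRecv f, m:ms) -> modifyIORef ref (++ [m]) >> drive ref ms (f m)
        (PendingActionHash f, m:ms) -> do
            before <- readIORef ref
            modifyIORef ref (++ [m])
            drive ref ms (f before m)

-- Toy replacement for the Finished MAC computed over the transcript hash.
verifyData :: Transcript -> String
verifyData = concatMap show

-- Pending action for the client Finished: succeeds only if it verifies.
expectFinished :: PendingAction Bool
expectFinished = PendingAction $ return $ PendingActionHash $ \h msg ->
    PendingAction $ return $ PendingActionDone $ case msg of
        Finished13 vd -> vd == verifyData h
        _             -> False

main :: IO ()
main = do
    let flight = [Certificate13, CertVerify13]  -- constructed sample input
    ref  <- newIORef flight
    ok   <- drive ref [Finished13 (verifyData flight)] expectFinished
    bad  <- drive ref [Finished13 "forged"] expectFinished
    none <- drive ref [] expectFinished
    print (ok, bad, none)
```

The `Nothing` result is the state the PR is about: while the client Finished is still pending, the caller has no verified handshake and should not treat the connection as established.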

@ocheron ocheron mentioned this pull request Dec 1, 2019