tls1.3: server returns early on handshake when no cert is provided by client

Under TLS1.3 the server knows the negotiated keys early, if no client certificate is sent. In that case, the server is not only able to transmit the session ticket immediately after its finished message, but is also able to transmit data, similarly to false start. Resolves #481 Resolves #457 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-07-19 15:52:26 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2018-08-03 09:18:17 +0200
commit: d47111032f5b20eed70093d988741da5d0e69952 (patch)
tree: db725ee0bf90d5d500a45c681bb07445574a8b86 /NEWS
parent: 5b9c6c93c680fdfa63b2854741d446ff50002510 (diff)
download: gnutls-d47111032f5b20eed70093d988741da5d0e69952.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 3936b03bc8..b864a10b9d 100644
--- a/NEWS
+++ b/NEWS
@@ -11,8 +11,12 @@ See the end for copying conditions.
    gnutls_certificate_set_retrieve_function() which could not handle the case where
    no certificates were returned, or the callbacks were set to NULL (see #528).
 
+** libgnutls: gnutls_handshake() on server returns early on handshake when no
+   certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START
+   is specified.
+
 ** API and ABI modifications:
-No changes since last version.
+GNUTLS_ENABLE_EARLY_START: Added
 
 
 * Version 3.6.3 (released 2018-07-16)
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-07-19 15:52:26 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2018-08-03 09:18:17 +0200
commit	d47111032f5b20eed70093d988741da5d0e69952 (patch)
tree	db725ee0bf90d5d500a45c681bb07445574a8b86 /NEWS
parent	5b9c6c93c680fdfa63b2854741d446ff50002510 (diff)
download	gnutls-d47111032f5b20eed70093d988741da5d0e69952.tar.gz