diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-19 15:52:26 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-08-03 09:18:17 +0200 |
commit | d47111032f5b20eed70093d988741da5d0e69952 (patch) | |
tree | db725ee0bf90d5d500a45c681bb07445574a8b86 /doc | |
parent | 5b9c6c93c680fdfa63b2854741d446ff50002510 (diff) | |
download | gnutls-d47111032f5b20eed70093d988741da5d0e69952.tar.gz |
tls1.3: server returns early on handshake when no cert is provided by client
Under TLS1.3 the server knows the negotiated keys early, if no client
certificate is sent. In that case, the server is not only able to
transmit the session ticket immediately after its finished message,
but is also able to transmit data, similarly to false start.
Resolves #481
Resolves #457
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/cha-gtls-app.texi | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index b1573213db..0f89e8f41a 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -907,6 +907,15 @@ reduce the round-trips to a single one by taking advantage of the @ref{False Sta TLS extension. This can be enabled by setting the @acronym{GNUTLS_ENABLE_FALSE_START} flag on @funcref{gnutls_init}. +Under TLS 1.3, the server side can start transmitting before the handshake +is complete (i.e., while the client Finished message is still in flight), +when no client certificate authentication is requested. This, unlike false +start, is part of protocol design with no known security implications. +It can be enabled by setting the @acronym{GNUTLS_ENABLE_EARLY_START} on +@funcref{gnutls_init}, and the @funcref{gnutls_handshake} function will +return early, allowing the server to send data earlier. + + @node DTLS sessions @subsection DTLS sessions |