can we consider adding SSL_set_quic_early_data_enabled ?

Question

can we consider adding SSL_set_quic_early_data_enabled ?

Closed this issue 7 months ago · 2 comments

it's missing part currently for enabling 0RTT

https://github.com/quictls/openssl/blob/cb6841b741544bfd8868c1641ce96a934985509e/ssl/ssl_quic.c#L358

Answer 1 · 2024-03-04T21:53:06.000Z

On Mon, Mar 04, 2024 at 01:50:43PM -0800, Ilya Shipitsin wrote: it's missing part currently for enabling 0RTT https://github.com/quictls/openssl/blob/cb6841b741544bfd8868c1641ce96a934985509e/ssl/ssl_quic.c#L358

We can consider adding a stubbed out version of it (LibreSSL doesn't support 0RTT and won't). Unfortunately it is too late for 3.9.

Answer 2 · 2024-03-04T21:57:09.000Z

stubbed version seems to be a bad idea.

I thought it supports early data (and in that case a helper would make sense)

./include/openssl/ssl.h:#define SSL_EARLY_DATA_NOT_SENT		0
./include/openssl/ssl.h:#define SSL_EARLY_DATA_REJECTED		1
./include/openssl/ssl.h:#define SSL_EARLY_DATA_ACCEPTED		2