Next: Anti-replay protection, Previous: Reducing round-trips, Up: Setting up the transport layer [Contents][Index]
Under TLS 1.3, a client that has previously connected to the server and is resuming that session can start transmitting application data during the handshake. This is called zero round-trip time (0-RTT) mode, and the application data sent in this mode is called early data. The client sends early data with gnutls_record_send_early_data, which it must call after gnutls_session_set_data and before gnutls_handshake.
Note, however, that early data has weaker security properties than application data sent after the handshake: it has no forward secrecy, and there is no guarantee that it is not replayed across connections. It is therefore disabled on the server side by default. To enable it, the server needs to:
The server caches received early data until it is read. Use gnutls_record_set_max_early_data_size to set the maximum amount the cache will hold. Once the EndOfEarlyData handshake message has been received, the server can retrieve the cached data with gnutls_record_recv_early_data, either after the handshake is complete or from a handshake hook (gnutls_handshake_set_hook_function).
When sending early data, the client must respect the maximum amount of early data the server has advertised, if any. That limit can be read with gnutls_record_get_max_early_data_size right after calling gnutls_session_set_data.
After sending early data, the client can check whether the server accepted it by calling gnutls_session_get_flags and testing the result for GNUTLS_SFLAGS_EARLY_DATA. If the flag is not set, the server discarded the early data and the client has to send it again as normal application data once the handshake is complete. On the server side, the same function and flag indicate whether early data was actually accepted.