MINOR: quic: Enable TLS 0-RTT if needed
Enable 0-RTT at the TLS context level:
RFC 9001 4.6.1. Enabling 0-RTT
Accordingly, the max_early_data_size parameter is repurposed to hold a
sentinel value 0xffffffff to indicate that the server is willing to accept
QUIC 0-RTT data.
At the SSL connection level, we must call SSL_set_quic_early_data_enabled().
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 08c4ad1..55c45f9 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -1184,7 +1184,7 @@
#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)
if (bind_conf->ssl_conf.early_data) {
SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
- SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
+ SSL_CTX_set_max_early_data(ctx, 0xffffffff);
}
SSL_CTX_set_client_hello_cb(ctx, ssl_sock_switchctx_cbk, NULL);
SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
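Review bot: The literal `0xffffffff` on the new `SSL_CTX_set_max_early_data()` line is no longer a byte limit but the RFC 9001 section 4.6.1 sentinel, and nothing in the code says so. A comment such as `/* RFC 9001 4.6.1: 0xffffffff only signals that QUIC 0-RTT is accepted, it is not a size limit */` would keep a later reader from changing it back to a buffer-derived value. With `SSL_OP_NO_ANTI_REPLAY` set on the line above, the TLS library's own replay protection is off, so handling of replayed early data presumably rests on the QUIC and HTTP layers; that is not visible in this hunk and is worth confirming and stating in the same comment. The enclosing function starts and ends outside the hunk.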
@@ -5075,6 +5075,10 @@
qc->enc_params, qc->enc_params_len) == -1)
goto err;
+ /* Enabling 0-RTT */
+ if (bc->ssl_conf.early_data)
+ SSL_set_quic_early_data_enabled(ctx->ssl, 1);
+
SSL_set_accept_state(ctx->ssl);
}
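Review bot: The added `SSL_set_quic_early_data_enabled(ctx->ssl, 1)` call carries no library or version guard, while the matching context-level setting in the first hunk sits inside an `#elif (HA_OPENSSL_VERSION_NUMBER >= 0x10101000L)` branch. If this file is also built against a TLS library that lacks this function, the build would break. Whether an outer `#if` already covers this code cannot be seen from the hunk, since the enclosing function starts and ends outside it. The `/* Enabling 0-RTT */` comment could also record why the per-connection call exists, e.g. `/* 0-RTT must also be enabled on the SSL object; the SSL_CTX setting alone is not enough */`.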