I’m having an issue with s_time and s_server using the latest OpenSSL (1.1.1-dev) and tls1_3.
When I use tls1_2, connections are established and data is transferred. However, when I use tls1_3, data is not transferred (connections are established).
Below are the commands I use for s_time and s_server. I provided the output when I used -tls1_2 vs. -tls1_3 on the server. Notice “bytes read 0” for TLS 1.3. (I tried this on the loopback as well as 2 separate boxes.)
On 12/07/17 19:43, Roelof Du Toit wrote:
> This seems to be a bug in how s_time handles the TLS 1.3 post-handshake
> NewSessionTicket message; more specifically: not handling the retry when
> SSL_read() returns -1.
> The following diff (in tls1.3-draft-19 branch) appears to resolve the issue:
Probably you should use SSL_get_error() rather than BIO_should_retry().
The former is a little more complete (checks some conditions that
BIO_should_retry() does not). Could you submit this as a github PR?