Nginx 1.15.6 with openssl 1.1.1, EarlyData not sent



























We have set "ssl_early_data on;" and "proxy_set_header Early-Data $ssl_early_data;" in the nginx 1.15.6 config, built with openssl 1.1.1, but when we run the command below, it shows that early data is not sent. Any idea how to resolve this issue?



openssl s_client -connect www.rupeevest.com:443

SSL handshake has read 4693 bytes and written 399 bytes

Verification: OK

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent

Verify return code: 0 (ok)























      nginx openssl tls1.3
















      asked Nov 17 '18 at 11:25









      Rahul Mistry
























          1 Answer














          In order to send "early-data", client and server must support PSK exchange mode. See https://tools.ietf.org/html/rfc8446#section-2.3



          To verify using OpenSSL, as a use-case example, first save the session to a file, then use that session file to send early data to the server. Note that your server should support TLS 1.3.



          $> openssl s_client -connect www.yourhostedserver.com:443 -tls1_3 -sess_out /path-to-session-file/session.pem
          $> openssl s_client -connect www.yourhostedserver.com:443 -tls1_3 -sess_in /path-to-session-file/session.pem -early_data /path-to-early-data-file/early-data.txt
          // early-data.txt contains a request such as:
          GET / HTTP/1.1
          Host: www.yourhostedserver.com


          Hope this helps!
















                answered Jan 14 at 6:28









                naga headhunter
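The two-step check from the answer above, wrapped as a shell script that also reads the ticket's early-data allowance and interprets the status line; this is an added example, not part of the original answer. The function names and temp files are illustrative, the sample is constructed from the question's output, and it assumes s_client prints a `Max Early Data` field for received tickets as OpenSSL 1.1.1 does.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative;
# the sample below is constructed from the status lines quoted in the question.
SAMPLE_NO_RESUME='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Early data was not sent'

# Largest "Max Early Data" value in the session ticket(s) s_client printed on
# the first connection (empty or 0 means the server offers no 0-RTT).
ticket_max_early_data() {
    printf '%s\n' "$1" |
        sed -n 's/^ *Max Early Data: *\([0-9][0-9]*\).*/\1/p' | sort -n | tail -n 1
}

# Interpret the status lines of the second (resuming) connection.
classify_early_data() {
    case "$1" in
        *"Early data was accepted"*) echo accepted ;;
        *"Early data was rejected"*) echo rejected ;;
        *"Early data was not sent"*)
            case "$1" in
                *"Reused, TLSv1.3"*) echo not-sent-on-resumed-session ;;
                *) echo not-sent-full-handshake ;;  # no session was resumed
            esac ;;
        *) echo unknown ;;
    esac
}

# Run both steps against a server you operate: check_early_data www.example.com
check_early_data() {
    ced_host=$1
    ced_sess=$(mktemp) ced_req=$(mktemp)
    printf 'GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$ced_host" > "$ced_req"
    # Step 1: full handshake. TLS 1.3 tickets arrive after the handshake, so
    # hold stdin open for a moment before s_client exits.
    ced_first=$(sleep 2 | openssl s_client -connect "$ced_host:443" \
        -servername "$ced_host" -tls1_3 -sess_out "$ced_sess" 2>&1)
    ced_max=$(ticket_max_early_data "$ced_first")
    if [ "${ced_max:-0}" -eq 0 ]; then
        echo server-offers-no-early-data
    else
        # Step 2: resume with the saved ticket and send the request as 0-RTT data.
        ced_second=$(sleep 2 | openssl s_client -connect "$ced_host:443" \
            -servername "$ced_host" -tls1_3 -sess_in "$ced_sess" \
            -early_data "$ced_req" 2>&1)
        classify_early_data "$ced_second"
    fi
    rm -f "$ced_sess" "$ced_req"
}
```

The question's output classifies as `not-sent-full-handshake`: the command was run without `-sess_in` and `-early_data`, so s_client had nothing to send as early data regardless of the nginx setting.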





























