mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-07-20 19:27:29 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

QUIC: discarding 0-RTT keys.

Browse Source 
For simplicity, this is done on successful decryption of a 1-RTT packet.
This commit is contained in:
Sergey Kandaurov 2024-08-09 19:12:25 +04:00
parent 250baed4ee
commit 58b92177e7
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/event/quic/ngx_event_quic.c
View File

@ -1022,6 +1022,16 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
} }
} }
if (pkt->level == ssl_encryption_application) {
/*
* RFC 9001, 4.9.3. Discarding 0-RTT Keys
*
* After receiving a 1-RTT packet, servers MUST discard
* 0-RTT keys within a short time
*/
ngx_quic_discard_ctx(c, ssl_encryption_early_data);
}
if (qc->closing) { if (qc->closing) {
/* /*
* RFC 9000, 10.2. Immediate Close * RFC 9000, 10.2. Immediate Close