962097b8dd
Based on #14135, implement TLSv1.3 earlydata support for the curl command line, libcurl and its implementation in GnuTLS. If a known TLS session announces early data support, and the feature is enabled *and* it is not a "connect-only" transfer, delay the TLS handshake until the first request is being sent. - Add --tls-earldata as new boolean command line option for curl. - Add CURLSSLOPT_EARLYDATA to libcurl to enable use of the feature. - Add CURLINFO_EARLYDATA_SENT_T to libcurl, reporting the amount of bytes sent and accepted/rejected by the server. Implementation details: - store the ALPN protocol selected at the SSL session. - When reusing the session and enabling earlydata, use exactly that ALPN protocol for negoptiation with the server. When the sessions ALPN does not match the connections ALPN, earlydata will not be enabled. - Check that the server selected the correct ALPN protocol for an earlydata connect. If the server does not confirm or reports something different, the connect fails. - HTTP/2: delay sending the initial SETTINGS frames during connect, if not connect-only. Verification: - add test_02_32 to verify earlydata GET with nghttpx. - add test_07_70 to verify earlydata PUT with nghttpx. - add support in 'hx-download', 'hx-upload' clients for the feature Assisted-by: ad-chaos on github Closes #15211
42 lines
1.4 KiB
Markdown
42 lines
1.4 KiB
Markdown
---
|
|
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
|
|
SPDX-License-Identifier: curl
|
|
Long: tls-earlydata
|
|
Help: Allow use of TLSv1.3 early data (0RTT)
|
|
Protocols: TLS
|
|
Added: 8.11.0
|
|
Category: tls
|
|
Multi: boolean
|
|
See-also:
|
|
- tlsv1.3
|
|
- tls-max
|
|
Example:
|
|
- --tls-earlydata $URL
|
|
---
|
|
|
|
# `--tls-earlydata`
|
|
|
|
Enable the use of TLSv1.3 early data, also known as '0RTT' where possible.
|
|
This has security implications for the requests sent that way.
|
|
|
|
This option is used when curl is built to use GnuTLS.
|
|
|
|
If a server supports this TLSv1.3 feature, and to what extent, is announced
|
|
as part of the TLS "session" sent back to curl. Until curl has seen such
|
|
a session in a previous request, early data cannot be used.
|
|
|
|
When a new connection is initiated with a known TLSv1.3 session, and that
|
|
session announced early data support, the first request on this connection is
|
|
sent *before* the TLS handshake is complete. While the early data is also
|
|
encrypted, it is not protected against replays. An attacker can send
|
|
your early data to the server again and the server would accept it.
|
|
|
|
If your request contacts a public server and only retrieves a file, there
|
|
may be no harm in that. If the first request orders a refrigerator
|
|
for you, it is probably not a good idea to use early data for it. curl
|
|
cannot deduce what the security implications of your requests actually
|
|
are and make this decision for you.
|
|
|
|
**WARNING**: this option has security implications. See above for more
|
|
details.
|