79 | 79 | - 5.2.4.1. Variables |
80 | 80 | - 5.2.4.2. Adding a Loop |
81 | 81 | - 5.2.5. Final Note |
| 82 | +- Chapter 6: DTLS 1.3 Early Data (0-RTT) with Session Resumption |
82 | 83 | - References |
83 | 84 | ## CHAPTER 1: A Simple UDP Server & Client |
84 | 85 | ### Section 1: By Kaleb Himes |
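Review bot: the new TOC entry spells the chapter as "Chapter 6:", while the existing chapter headings in this file are uppercase, as the context line `## CHAPTER 1: A Simple UDP Server & Client` shows; use the same casing for the entry and for the heading it points to, e.g. `- CHAPTER 6: DTLS 1.3 Early Data (0-RTT) with Session Resumption`, so the table of contents stays consistent and any heading anchors derived from the title match.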
@@ -1679,6 +1680,50 @@ The code above was taken directly from the DTLS server nonblocking file. |
1679 | 1680 |
|
1680 | 1681 | Be sure to keep in mind that the `AwaitDatagram` code is essentially one large loop that will attempt to listen for a client (in a nonblocking fashion) at every iteration, and will close the loop upon a signal passed by the user. |
1681 | 1682 |
|
| 1683 | +## Chapter 6: DTLS 1.3 Early Data (0-RTT) with Session Resumption |
| 1684 | + |
| 1685 | +This pair of examples demonstrates DTLS 1.3 early data (0-RTT) using wolfSSL. |
| 1686 | +The client performs an initial connection to obtain a session ticket, then |
| 1687 | +reconnects and sends early data during the resumed handshake. The server reads |
| 1688 | +early data and can send application data immediately (so-called 0.5-RTT), then |
| 1689 | +continues with the normal handshake/application data flow. |
| 1690 | + |
| 1691 | +It is recommended to build wolfSSL with `WOLFSSL_DTLS13_NO_HRR_ON_RESUME` so the |
| 1692 | +server does not send a HelloRetryRequest (HRR) when resuming sessions. (The |
| 1693 | +server example also enables this behavior per-connection with |
| 1694 | +`wolfSSL_dtls13_no_hrr_on_resume()`.) |
| 1695 | + |
| 1696 | +Files: |
| 1697 | +- `server-dtls13-earlydata.c`: DTLS 1.3 server that receives early data using |
| 1698 | + `wolfSSL_read_early_data()`. It sets a maximum early data size using |
| 1699 | + `wolfSSL_CTX_set_max_early_data()` and may send 0.5-RTT application data. |
| 1700 | +- `client-dtls13-earlydata.c`: DTLS 1.3 client that first connects to obtain a |
| 1701 | + session ticket, then reconnects and sends early data using |
| 1702 | + `wolfSSL_write_early_data()` before finishing the handshake. After the |
| 1703 | + handshake, it also sends a normal (post-handshake) application data message. |
| 1704 | + |
| 1705 | +Build requirements: |
| 1706 | +- wolfSSL must be built with DTLS 1.3 and early data support enabled. |
| 1707 | + Enable early data support by building wolfSSL with |
| 1708 | + `--enable-earlydata --enable-session-ticket`. |
| 1709 | + |
| 1710 | +Build and run (in `wolfssl-examples/dtls`, in separate terminals): |
| 1711 | + |
| 1712 | +```sh |
| 1713 | +make clean && make |
| 1714 | +./server-dtls13-earlydata |
| 1715 | +./client-dtls13-earlydata 127.0.0.1 |
| 1716 | +``` |
| 1717 | + |
| 1718 | +Expected behavior: |
| 1719 | +- On the first client run/connection, a full handshake completes and a session |
| 1720 | + ticket is obtained. |
| 1721 | +- On the second connection, the client sends early data immediately and then |
| 1722 | + completes the DTLS handshake. |
| 1723 | +- The server logs any received early data, may send a reply during early-data |
| 1724 | + processing, then finishes the handshake and sends a normal reply after |
| 1725 | + handshake completion. |
| 1726 | + |
1682 | 1727 | #### 5.2.5 Final note |
1683 | 1728 | And that's it! The server has been made into a nonblocking server, and the client has been made into a nonblocking client. |
1684 | 1729 |
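Review bot: the new `## Chapter 6` block is inserted before `#### 5.2.5 Final note`, so Chapter 5's closing paragraph ("And that's it! The server has been made into a nonblocking server...") now renders as the last subsection of Chapter 6; move the whole Chapter 6 section to just after that paragraph, immediately before the References section, which is also where the TOC places it. Two documentation gaps in the new text: it should say that 0-RTT early data is replayable by a network attacker and is not forward secret, so whatever the server reads with `wolfSSL_read_early_data()` must be treated as an idempotent request rather than as an authenticated command, and the "Build requirements" list should say how `WOLFSSL_DTLS13_NO_HRR_ON_RESUME` is enabled (the paragraph above calls it recommended, but the build line only lists `--enable-earlydata --enable-session-ticket`).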