QUIC: discarding 0-RTT keys.

author Sergey Kandaurov <pluknet@nginx.com>

Fri, 9 Aug 2024 15:12:25 +0000 (19:12 +0400)

committer Sergey Kandaurov <pluknet@nginx.com>

Fri, 9 Aug 2024 15:12:25 +0000 (19:12 +0400)
author Sergey Kandaurov <pluknet@nginx.com>
Fri, 9 Aug 2024 15:12:25 +0000 (19:12 +0400)
committer Sergey Kandaurov <pluknet@nginx.com>
Fri, 9 Aug 2024 15:12:25 +0000 (19:12 +0400)
diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c

index e4690f7dddcc388b3d0ade7c9d0f08596db734ea..c03b1d003adc59c91f850c5312992a2e9f6d1a51 100644 (file)
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -1022,6 +1022,16 @@ ngx_quic_handle_payload(ngx_connection_t *c, ngx_quic_header_t *pkt)
          }
      }
  
+    if (pkt->level == ssl_encryption_application) {
+        /*
+         * RFC 9001, 4.9.3.  Discarding 0-RTT Keys
+         *
+         * After receiving a 1-RTT packet, servers MUST discard
+         * 0-RTT keys within a short time
+         */
+        ngx_quic_discard_ctx(c, ssl_encryption_early_data);
+    }
+
      if (qc->closing) {
          /*
           * RFC 9000, 10.2.  Immediate Close
author	Sergey Kandaurov <pluknet@nginx.com>
	Fri, 9 Aug 2024 15:12:25 +0000 (19:12 +0400)
committer	Sergey Kandaurov <pluknet@nginx.com>
	Fri, 9 Aug 2024 15:12:25 +0000 (19:12 +0400)