This seems to be a bug in how s_time handles the TLS 1.3 post-handshake
NewSessionTicket message; more specifically: not handling the retry when
SSL_read() returns -1.
The following diff (in tls1.3-draft-19 branch) appears to resolve the issue:
$ git diff
diff --git a/apps/s_time.c b/apps/s_time.c
index 998ef72..caa1b22 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -234,8 +234,8 @@ int s_time_main(int argc, char **argv)
fmt_http_get_cmd, www_path);
if (SSL_write(scon, buf, buf_len) <= 0)
goto end;
- while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
- bytes_read += i;
+ while ((i = SSL_read(scon, buf, sizeof(buf))) > 0 ||
BIO_should_retry(SSL_get_rbio(scon)))
+ if (i > 0) bytes_read += i;
}
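Review bot: the retry test added to the `while` condition, `BIO_should_retry(SSL_get_rbio(scon))`, reads the retry flag off the read BIO instead of asking the SSL object why `SSL_read()` returned a non-positive value. Consider calling `SSL_get_error(scon, i)` and continuing only on `SSL_ERROR_WANT_READ` or `SSL_ERROR_WANT_WRITE`, so that a clean shutdown or a fatal error ends the loop on the SSL layer's own verdict. The retry path also has no bound and no wait, so it will spin if the underlying BIO is ever non-blocking. As a style point, `if (i > 0) bytes_read += i;` would read better split over two lines, like the loop body it replaces.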
--Roelof