Don't flush the ClientHello if we're going to send early data
We'd like the first bit of early_data and the ClientHello to go in the
same TCP packet if at all possible to enable things like TCP Fast Open.
Also, if you are only going to send one block of early data, you don't
need to worry about TCP_NODELAY.
Fixes #4783
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4802)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 51cdd58..b47ae1e 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -665,9 +665,11 @@
/* Fall through */
case TLS_ST_EARLY_DATA:
+ return tls_finish_handshake(s, wst, 0, 1);
+
case TLS_ST_OK:
/* Calls SSLfatal() as required */
- return tls_finish_handshake(s, wst, 1);
+ return tls_finish_handshake(s, wst, 1, 1);
}
return WORK_FINISHED_CONTINUE;
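Review bot: The new TLS_ST_EARLY_DATA arm returns `tls_finish_handshake(s, wst, 0, 1)` with two bare integer literals and, unlike the TLS_ST_OK arm just below it, carries no comment, so a reader of this switch cannot tell what the 0 or the newly added fourth argument mean, nor that the call may fail fatally. Given the commit's purpose, the 0 presumably tells tls_finish_handshake not to clear the write buffers so the ClientHello stays queued; the "Calls SSLfatal() as required" note on the TLS_ST_OK arm presumably applies to this call too. Worth stating on the arm: `/* Calls SSLfatal() as required. Don't clear the buffers: the ClientHello stays queued so it can share a TCP segment with the first early data record. */`. The switch and its enclosing function begin and end outside the hunk.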
@@ -697,8 +699,6 @@
* we call tls13_change_cipher_state() directly.
*/
if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0) {
- if (!statem_flush(s))
- return WORK_MORE_A;
if (!tls13_change_cipher_state(s,
SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
/* SSLfatal() already called */
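Review bot: With the statem_flush() calls removed here and in the hunk at line 737, nothing in the patched code shows where the buffered ClientHello is eventually written if the application never calls SSL_write_early_data() — a client that enables early data but then sends none, or only reads, must still get its ClientHello on the wire, so the deferred flush needs a visible home (presumably tls_finish_handshake's new no-clear path or the next state transition; the commit does not show it). The removal also relies on the ClientHello record having already been encoded into the write buffer before tls13_change_cipher_state() installs the early-traffic write key; if records were only encoded at flush time the ClientHello would go out under the wrong key, so that ordering deserves a comment where the flush used to be: `/* The ClientHello is already encoded in the write buffer; leaving it unflushed lets it share a TCP segment with the first early data record. */`. The enclosing function starts and ends outside the hunk.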
@@ -737,8 +737,6 @@
break;
if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
&& s->max_early_data > 0) {
- if (statem_flush(s) != 1)
- return WORK_MORE_A;
/*
* We haven't selected TLSv1.3 yet so we don't call the change
* cipher state function associated with the SSL_METHOD. Instead