Just a quick note to let those of you who care know that our load balancer finally got bumped up to openssl 1.1.x and is now TLSv1.3 happy. For those of you who are especially paranoid, "ssl_early_data" is explicitly set to "off" in the nginx conf file, actively disabling 0-RTT, even though it's disabled by default.
That's all, carry on.
(Score: 1, Informative) by Anonymous Coward on Thursday November 14 2019, @12:48AM (2 children)
You can verify early_data is off, though you can't verify the contents of the config file (or that it was read, or that it wasn't overridden on the command line...) externally, it's a communication protocol after all.
The answer here https://stackoverflow.com/questions/53350763/nginx-1-15-6-with-openssl-1-1-1-earlydata-not-sent [stackoverflow.com] contains the openssl commands to verify it, or its inverse.
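
The external check described in the comment above, as an added example that is not part of the original thread or the linked answer: a TLS 1.3 server that accepts 0-RTT advertises a non-zero max_early_data_size in its session tickets, which OpenSSL 1.1.1 and later print as "Max Early Data". The function names and the sample output below are constructed for illustration.

```shell
#!/bin/sh
# Added example. early_data_status and check_host are hypothetical names.
# OpenSSL 1.1.1+ prints "Max Early Data: N" for each TLS 1.3 session ticket;
# N is the ticket's max_early_data_size (0 means the server refuses 0-RTT).

# Read s_client or sess_id text on stdin; print disabled, enabled or unknown.
early_data_status() {
    awk '
        /Max Early Data:/ {
            seen = 1
            if ($NF + 0 > 0) enabled = 1
        }
        END {
            if (!seen)        print "unknown"   # no TLS 1.3 ticket was printed
            else if (enabled) print "enabled"
            else              print "disabled"
        }'
}

# Live check: hold the connection open briefly so the post-handshake
# tickets arrive, then classify them.
check_host() {
    host=$1; port=${2:-443}
    sleep 2 | openssl s_client -connect "$host:$port" -servername "$host" \
        -tls1_3 2>/dev/null | early_data_status
}

# Constructed excerpts of s_client output (not captured from any real server).
SAMPLE_OFF='Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Max Early Data: 0
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Max Early Data: 0'
SAMPLE_ON='SSL-Session:
    Protocol  : TLSv1.3
    Max Early Data: 16384'
SAMPLE_TLS12='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'

# Usage: sh check_early_data.sh example.org [port]
if [ "$#" -ge 1 ]; then check_host "$@"; fi
```

An "unknown" result means no TLS 1.3 ticket was seen (no TLS 1.3 support, or the connection closed before a ticket arrived), so it says nothing either way about 0-RTT.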
(Score: 0) by Anonymous Coward on Thursday November 14 2019, @12:52AM (1 child)
For those who are a bit more lazy: https://www.ssllabs.com/ssltest/analyze.html?d=soylentnews.org&s=23.239.29.31 [ssllabs.com] and you can check yourself under "0-RTT"
(Score: 2) by The Mighty Buzzard on Thursday November 14 2019, @01:39AM
That'd include me, yes.
My rights don't end where your fear begins.