nghttp2.org

HTTP/2 C library and tools

TLSv1.3 Endpoint Is Now Online

In order to contribute to the development of the TLSv1.3 protocol, we have enabled TLSv1.3 support in nghttpx, and made it publicly available at https://nghttp2.org:13443. It is currently draft-19.

nghttpx uses OpenSSL as its underlying TLS backend. The OpenSSL community has done a great job developing TLSv1.3 support (still a work in progress), and it is available in the OpenSSL master branch. So just building nghttpx with this bleeding-edge version of OpenSSL enables TLSv1.3 support. But we have gone one step further and implemented 0-RTT early data support using the new SSL_read_early_data API.

If you build OpenSSL from its git repository, pass the enable-tls1_3 option to the Configure script to enable TLSv1.3 support.

To enable 0-RTT support in nghttpx, check out "nghttpx: Enable TLSv1.3 0-RTT early data support". Please note that this branch may be rebased from time to time.

To send 0-RTT early data with openssl s_client, first save a session, like so:

$ openssl s_client -connect nghttp2.org:13443 -sess_out session.dat

The session is saved in the session.dat file. We use this file to resume the session. The 0-RTT early data should be stored in a file. We use the following file for this example:

$ cat http.txt
GET / HTTP/1.1
Host: nghttp2.org:13443

$ # Don't forget the trailing empty line to terminate the HTTP request!

Then run the following command to resume session, and send 0-RTT early data:

$ openssl s_client -connect nghttp2.org:13443 -sess_out session.dat -sess_in session.dat -early_data http.txt

If 0-RTT early data is sent, and accepted by the server, you will see the HTTP response header fields and body sent from the server.
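
The steps above can be wrapped in one script that also checks the request file for its terminating empty line and reports whether the early data was accepted. This is an added example, not code from nghttp2 or OpenSSL: the function names are hypothetical, and the "Early data was ..." status strings are assumed to be those printed by s_client in OpenSSL 1.1.1, so a draft-19 build may word them differently.

```sh
#!/bin/sh
# Added example: the manual s_client steps above, wrapped in functions.
# Function names are hypothetical; they are not part of nghttp2 or OpenSSL.

# Write the request file. printf makes the terminating empty line explicit.
write_request() {   # usage: write_request FILE HOST:PORT
    printf 'GET / HTTP/1.1\r\nHost: %s\r\n\r\n' "$2" > "$1"
}

# Succeed only if FILE ends with an empty line (LF LF or CRLF CRLF).
request_is_terminated() {   # usage: request_is_terminated FILE
    tail4=$(tail -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    case "$tail4" in
        0d0a0d0a|*0a0a) return 0 ;;
        *) return 1 ;;
    esac
}

# Reduce s_client output (stdin) to one word. Assumption: the status
# strings are those printed by s_client in OpenSSL 1.1.1.
early_data_status() {
    out=$(cat)
    case "$out" in
        *"Early data was accepted"*) echo accepted ;;
        *"Early data was rejected"*) echo rejected ;;
        *"Early data was not sent"*) echo not-sent ;;
        *) echo unknown ;;
    esac
}

# Save a session, then resume it with http.txt as 0-RTT early data.
try_early_data() {   # usage: try_early_data HOST:PORT
    write_request http.txt "$1"
    request_is_terminated http.txt || return 2
    # "sleep 2 |" holds stdin open briefly so the session ticket (first run)
    # and the HTTP response (second run) can arrive before s_client exits.
    sleep 2 | openssl s_client -connect "$1" -sess_out session.dat \
        >/dev/null 2>&1 || return 3
    sleep 2 | openssl s_client -connect "$1" -sess_out session.dat \
        -sess_in session.dat -early_data http.txt 2>&1 | early_data_status
}

# Run against the endpoint given on the command line, if any.
if [ "$#" -eq 1 ]; then
    try_early_data "$1"
fi
```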