From 3b1589173f28fccb5816669f3ff4c9ac1e9b573c Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Tue, 7 Aug 2018 02:16:07 +0300
Subject: SSL: support for TLSv1.3 early data with BoringSSL.

Early data AKA 0-RTT mode is enabled as long as "ssl_early_data on" is
specified in the configuration (default is off).

The $ssl_early_data variable evaluates to "1" if the SSL handshake
isn't yet completed, and can be used to set the Early-Data header as
per draft-ietf-httpbis-replay-04.
---
 src/http/modules/ngx_http_ssl_module.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/http/modules/ngx_http_ssl_module.h')

diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
index 57f5941d4..fb3219b63 100644
--- a/src/http/modules/ngx_http_ssl_module.h
+++ b/src/http/modules/ngx_http_ssl_module.h
@@ -20,6 +20,7 @@ typedef struct {
     ngx_ssl_t                       ssl;
 
     ngx_flag_t                      prefer_server_ciphers;
+    ngx_flag_t                      early_data;
 
     ngx_uint_t                      protocols;
 
-- 
cgit