Support for 0-RTT #139

Open
kriskwiatkowski opened this issue Sep 25, 2018 · 7 comments

Comments

@kriskwiatkowski
Contributor

kriskwiatkowski commented Sep 25, 2018

It was reported that support for 0-RTT has an interoperability issue (tested against OpenSSL and Haskell TLS). We do have tests for 0-RTT, but they may not cover functionality completely.
To be investigated first and fixed

@high3eam

high3eam commented Aug 7, 2019

@henrydcase Doesn't tris already accept earlydata from clients, or is the implementation still incomplete?

@Lekensteyn
Contributor

The server does accept it if configured through tls.Config, see _dev/tris-localserver/server.go for tests.

There is no client support for 0-RTT though.

@high3eam

high3eam commented Aug 7, 2019

Alright, I see. If I would now build caddy webserver with tls-tris and therefore 0-rtt support, would this be successful?

I mean, can I build golang 1.12 or newer with tris and if yes would caddy be able to use 0-rtt feature?

EDIT:
I can build caddy with tris successfully. Now that I'm not really into go programming really, would a few of you be able to guide me on how to integrate 0-rtt earlydata into caddy webserver?

I really like caddy to benefit from 0-rtt, because of the huge TTFB benefits.

Thank you so much!

@Lekensteyn
Contributor

Adding 0-RTT has security implications; it is not safe against replay attacks, for example, unless the server has additional protection mechanisms.

Adding support to something like caddy is probably not a quick task, volunteers are welcome to suggest some changes :)
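
One form the "additional protection mechanisms" mentioned in the comment above can take is ClientHello recording combined with a freshness check (RFC 8446, section 8). The following is an added example, not part of this thread and not tls-tris code; `ReplayGuard`, `AcceptEarlyData` and the sample binder are hypothetical, and it assumes the TLS stack hands the application the PSK binder and the client send time reconstructed from the ticket age.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sync"
	"time"
)

// ReplayGuard is a hypothetical helper (not tls-tris API). It records the PSK
// binder of each accepted 0-RTT ClientHello and refuses a second use.
type ReplayGuard struct {
	mu     sync.Mutex
	window time.Duration
	seen   map[[32]byte]time.Time // binder hash -> client send time
}

func NewReplayGuard(window time.Duration) *ReplayGuard {
	return &ReplayGuard{window: window, seen: make(map[[32]byte]time.Time)}
}

// AcceptEarlyData returns false when 0-RTT data must be rejected (fall back to
// 1-RTT). sentAt is the send time derived from the ticket age (assumed input).
func (g *ReplayGuard) AcceptEarlyData(binder []byte, sentAt, now time.Time) bool {
	age := now.Sub(sentAt)
	if age < -g.window || age > g.window {
		return false // stale or skewed: outside the window the cache covers
	}
	key := sha256.Sum256(binder)
	g.mu.Lock()
	defer g.mu.Unlock()
	for k, t := range g.seen {
		if now.Sub(t) > g.window {
			delete(g.seen, k) // safe: the freshness check rejects it from now on
		}
	}
	if _, replayed := g.seen[key]; replayed {
		return false
	}
	g.seen[key] = sentAt
	return true
}

func main() {
	g, t0 := NewReplayGuard(10*time.Second), time.Now()
	binder := []byte("constructed-binder") // constructed sample value
	fmt.Println(g.AcceptEarlyData(binder, t0, t0.Add(time.Second)))   // first use
	fmt.Println(g.AcceptEarlyData(binder, t0, t0.Add(2*time.Second))) // replay
}
```

The map is per process; when several servers accept tickets under the same keys, the store has to be shared between them or each ticket pinned to one server.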

@MikeSchroll

MikeSchroll commented Nov 6, 2019

@henrocker Any success with caddy client support?

@Lekensteyn Understanding the security implications, have you seen any implementations of golang client-side supporting 0-RTT? We've implemented on our server-side and tested with a rust client using https://github.com/ctz/rustls and achieved 1-RTT so far; with 60% reduction in average response time, but are now trying to update our golang client side...

@high3eam

high3eam commented Nov 6, 2019

> @henrocker Any success with caddy client support?

Didn't invest more time into this. I'm patiently waiting for h3-23 in Caddy v2.

@Lekensteyn
Contributor

@MikeSchroll I am not aware of a Go implementation of TLS with support for early data. The TLS implementation used by quic-go (which is used by Caddy for HTTP/3 support) also does not support 0-RTT from what I can see (https://github.com/marten-seemann/qtls).

Before adding a client implementation, I would probably start with a survey of APIs for 0-RTT support in other languages and their usage by client applications. Maybe someone even wrote an I-D/RFC about 0-RTT profiles/usage.
