Support for 0-RTT #139
Comments
@henrydcase Doesn't tris already accept early data from clients, or is the implementation still incomplete?
The server does accept it if configured through There is no client support for 0-RTT though.
Alright, I see. If I now built the caddy webserver with tls-tris and therefore 0-rtt support, would this be successful? I mean, can I build golang 1.12 or newer with tris, and if yes, would caddy be able to use the 0-rtt feature? EDIT: I would really like caddy to benefit from 0-rtt because of the huge TTFB benefits. Thank you so much!
Adding 0-RTT has security implications: it is not safe against replay attacks, for example, unless the server has additional protection mechanisms. Adding support to something like caddy is probably not a quick task; volunteers are welcome to suggest some changes :)
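As an added illustration of the "additional protection mechanisms" mentioned above (example code, not part of tls-tris or this thread), the following Go middleware applies the RFC 8470 mitigation: requests that arrived in early data and are not safe to replay are refused with 425 Too Early, so the client retries them after the full handshake. It assumes a fronting TLS terminator or proxy marks such requests with the RFC 8470 `Early-Data: 1` header, since the page does not show how tls-tris itself exposes early data to the application.

```go
package main

import (
	"log"
	"net/http"
)

// earlyDataHeader: RFC 8470 requires an intermediary that forwards a request
// received in TLS 1.3 early data to add "Early-Data: 1" so the origin can
// still tell that the request may be an attacker's replay.
const earlyDataHeader = "Early-Data"

// replaySafe reports whether a request that may have been replayed can be
// processed anyway. Only the methods HTTP defines as safe (GET, HEAD,
// OPTIONS) qualify; a replayed POST could, for example, duplicate a transfer.
// Assumption: the application gives its GET handlers no side effects.
func replaySafe(method string) bool {
	switch method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return true
	}
	return false
}

// RejectEarlyDataReplays answers 425 Too Early (RFC 8470) to any non-safe
// request that arrived in early data. A conforming client retries the same
// request once the handshake has completed, when replay is no longer possible.
func RejectEarlyDataReplays(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get(earlyDataHeader) == "1" && !replaySafe(r.Method) {
			http.Error(w, "retry after the TLS handshake completes", http.StatusTooEarly)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("ok\n"))
	})
	// Listens on localhost only; place it behind the early-data-aware front end.
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", RejectEarlyDataReplays(app)))
}
```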
@henrocker Any success with caddy client support? @Lekensteyn Understanding the security implications, have you seen any implementations of golang client-side supporting 0-RTT? We've implemented on our server-side and tested with a rust client using https://github.com/ctz/rustls and achieved 1-RTT so far, with 60% reduction in average response time, but are now trying to update our golang client side...
Didn't invest more time into this. I'm patiently waiting for h3-23 in Caddy v2.
@MikeSchroll I am not aware of a Go implementation of TLS with support for early data. The TLS implementation used by quic-go (which is used by Caddy for HTTP/3 support) also does not support 0-RTT from what I can see (https://github.com/marten-seemann/qtls). Before adding a client implementation, I would probably start with a survey of APIs for 0-RTT support in other languages and their usage by client applications. Maybe someone even wrote an I-D/RFC about 0-RTT profiles/usage.
It was reported that support for 0-RTT has an interoperability issue (tested against OpenSSL and Haskell TLS). We do have tests for 0-RTT, but they may not cover the functionality completely.
To be investigated first, then fixed.