pt., 4 sty 2019 o 11:59 Olivier Houchard <> napisaƂ(a):
> I understand the concern.
> I checked and both nghttp2 and nginx disable the replay protection. The idea
> is you're supposed to allow early data only on harmless requests anyway, ie
> ones that could be replayed with no consequence.

Sorry for the late reply, I was pondering the problem ;) I'm pretty ok
with this patch, especially since others seem to do the same. And my
use case is DNS-over-TLS, which has no problems with replays anyway ;)

However, I believe in general this is a bit more complicated. RFC 8446
described this in detail in section 8:
My understanding is that RFC highly recommends anti-replay with 0-RTT.
It seems that s_server implements single use tickets, which is exactly
what is in section 8.1. The above patch disables anti-replay
completely in haproxy, which might warrant some updates to
documentation about allow-0rtt option?

Janusz Dziemidowicz

Reply via email to