From: Olivier Houchard
Date: Tue, 8 Jan 2019 14:35:32 +0000 (+0100)
Subject: DOC: Be a bit more explicit about allow-0rtt security implications.
X-Git-Tag: v2.0-dev1~231
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=69752964944ef9c8dc03477ee95bc7d149a72089;p=thirdparty%2Fhaproxy.git

DOC: Be a bit more explicit about allow-0rtt security implications.

Document a bit better that allow-0rtt can trivially be used for replay attacks, and so should only be used when it's safe to replay a request.

This should probably be backported to 1.8 and 1.9.

---

diff --git a/doc/configuration.txt b/doc/configuration.txt index 2447254c48..888515fb22 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -10768,7 +10768,10 @@ accept-proxy allow-0rtt Allow receiving early data when using TLSv1.3. This is disabled by default, - due to security considerations. + due to security considerations. Because it is vulnerable to replay attacks, + you should only allow if for requests that are safe to replay, ie requests + that are idempotent. You can use the "wait-for-handshake" action for any + request that wouldn't be safe with early data. alpn This enables the TLS ALPN extension and advertises the specified protocol
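Review bot: the second added line of the allow-0rtt hunk has a typo that inverts the sentence: "you should only allow if for requests that are safe to replay" should read "you should only allow it for requests that are safe to replay", and "ie" should be "i.e.". The wording also equates "safe to replay" with "idempotent", which is narrower than the risk: an idempotent request can still be unsafe to replay if its response or side effects depend on timing (for example a request that returns a different answer after state changes elsewhere), so the sentence would be more accurate as "only for requests whose replay has no harmful effect, which is usually limited to idempotent requests". Since the new text tells the reader to use the "wait-for-handshake" action without saying where it is configured, consider pointing to the "http-request wait-for-handshake" entry in this same file so the reader can find it, and consider adding a minimal example next to the bind-line keyword, e.g. `bind :443 ssl crt site.pem allow-0rtt` followed by `http-request wait-for-handshake if ! METH_GET`, so the safe combination is shown rather than only described.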