From 69752964944ef9c8dc03477ee95bc7d149a72089 Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Tue, 8 Jan 2019 15:35:32 +0100 Subject: [PATCH] DOC: Be a bit more explicit about allow-0rtt security implications. Document a bit better than allow-0rtt can trivially be used for replay attacks, and so should only be used when it's safe to replay a request. This should probably be backported to 1.8 and 1.9. --- doc/configuration.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 2447254c48..888515fb22 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -10768,7 +10768,10 @@ accept-proxy allow-0rtt Allow receiving early data when using TLSv1.3. This is disabled by default, - due to security considerations. + due to security considerations. Because it is vulnerable to replay attacks, + you should only allow if for requests that are safe to replay, ie requests + that are idempotent. You can use the "wait-for-handshake" action for any + request that wouldn't be safe with early data. alpn This enables the TLS ALPN extension and advertises the specified protocol -- 2.47.3