My understanding is that Caddy doesn’t support 0-RTT by design, as it would be dangerous to users who don’t understand it. However, it does support HTTP/3, which I believe, by default, works with 0-RTT.
If I have a reverse_proxy to a webpage which is potentially vulnerable to possible replay attacks on 0-RTT, wouldn’t having HTTP/3 enabled be a security issue?
I’ve seen references by Caddy to 0-RTT support, but I’m unsure what exactly they mean.
Here, it’s said it would probably not be implemented: (TLS 1.3, not HTTP/3)
But then I see references to 0-RTT in QUIC on Caddy’s recent changelogs:
Is QUIC’s 0-RTT implementation not vulnerable to this? I’m very confused about the entire thing. I do NOT want to have to disable HTTP/3 to get rid of possible 0-RTT attacks, but if this is the case then I will end up having to do it.
This issue has the most recent discussion about this, as of last week, including Marten’s opinion (the author of our HTTP/3 lib):
If there is a vulnerability there, it is orthogonal to the web server and likely more of an application concern. (Replay attacks are not unique to 0-RTT.)
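Since the answer places replay protection with the application rather than the web server, here is an added example (not Caddy's or quic-go's code) of what that looks like in a Go backend: a middleware that answers 425 Too Early to non-idempotent requests that arrived in 0-RTT early data, so the client retries once the handshake has completed. It assumes the proxy in front marks such requests with the `Early-Data: 1` header defined by RFC 8470; whether a given Caddy setup does so is not stated on this page.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// isSafeMethod reports whether a method is safe to replay (RFC 7231 safe methods).
func isSafeMethod(m string) bool {
	switch m {
	case http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace:
		return true
	}
	return false
}

// RejectReplayableEarlyData wraps a handler. When a request carries "Early-Data: 1"
// (set by an intermediary that accepted 0-RTT data, per RFC 8470; assumed here) and
// its method is not safe, it replies 425 Too Early instead of executing the request.
// The client then retries after the handshake completes, outside the replay window.
func RejectReplayableEarlyData(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Early-Data") == "1" && !isSafeMethod(r.Method) {
			w.Header().Set("Cache-Control", "no-store")
			http.Error(w, "retry after the TLS handshake completes", http.StatusTooEarly)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor drives the middleware with a constructed request and returns the status code.
func statusFor(method string, earlyData bool) int {
	handler := RejectReplayableEarlyData(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK) // the state-changing work would happen here
	}))
	req := httptest.NewRequest(method, "/transfer", nil) // constructed sample request
	if earlyData {
		req.Header.Set("Early-Data", "1")
	}
	rec := httptest.NewRecorder()
	handler.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// POST in early data -> 425; GET in early data -> 200; POST after handshake -> 200
	fmt.Println(statusFor("POST", true), statusFor("GET", true), statusFor("POST", false))
}
```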