Is it safe to use HTTP/3? (0-RTT)

My understanding is that Caddy doesn’t support 0-RTT by design as it would be dangerous to users who don’t understand it. However, it does support HTTP/3 which I believe by default, works with 0-RTT.

If I have a reverse_proxy to a webpage which is potentially vulnerable to possible replay attacks on 0-RTT, wouldn’t having HTTP/3 enabled be a security issue?

I’ve seen references by Caddy to 0-RTT support, but I’m unsure what exactly they mean.

Here, it’s said it would probably not be implemented: (TLS 1.3, not HTTP/3)

But then I see references to 0-RTT in QUIC on Caddy’s recent changelogs:

Is QUIC’s 0-RTT implementation not vulnerable to this? I’m very confused about the entire thing. I do NOT want to have to disable HTTP/3 to get rid of possible 0-RTT attacks, but if this is the case then I will end up having to do it.

Welcome Lucas! Good question.

This issue has the most recent discussion about this, as of last week, including Marten’s opinion (the author of our HTTP/3 lib):

If there is a vulnerability there, it is orthogonal to the web server and likely more of an application concern. (Replay attacks are not unique to 0-RTT.)

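As an added illustration of the "application concern" point above (example code, not Caddy's own and not from either poster): an upstream handler that refuses non-idempotent requests which arrived as 0-RTT early data, answering 425 Too Early per RFC 8470. It assumes the front proxy marks such requests with the RFC 8470 `Early-Data: 1` request header; whether a given proxy sets that header is not stated on this page and is treated here as an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// isSafeMethod reports whether a method is "safe" in the RFC 7231 sense,
// i.e. a replay of it should not change server state.
func isSafeMethod(m string) bool {
	switch m {
	case http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace:
		return true
	}
	return false
}

// RejectReplayableEarlyData wraps a handler and returns 425 Too Early (RFC 8470)
// when a state-changing request was carried in TLS 0-RTT early data. The client
// is expected to retry once the handshake has completed, at which point the
// request can no longer be replayed by a network attacker.
// Assumption: the front proxy sets "Early-Data: 1" on such requests.
func RejectReplayableEarlyData(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Early-Data") == "1" && !isSafeMethod(r.Method) {
			http.Error(w, "retry after the TLS handshake completes", http.StatusTooEarly)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends one constructed request through the middleware and returns the
// resulting status code; earlyData is the Early-Data header value ("" = unset).
func Probe(method, earlyData string) int {
	h := RejectReplayableEarlyData(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(method, "/transfer", nil)
	if earlyData != "" {
		req.Header.Set("Early-Data", earlyData)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("POST in early data:", Probe(http.MethodPost, "1")) // 425
	fmt.Println("GET in early data: ", Probe(http.MethodGet, "1"))  // 200
	fmt.Println("POST after 1-RTT:  ", Probe(http.MethodPost, ""))  // 200
}
```

A reverse proxy that understands 425 and simply forwards it lets the client retry transparently, so only the replay window is closed, not HTTP/3 as a whole.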