Is it safe to use HTTP/3? (0-RTT)

Welcome Lucas! Good question.

This issue has the most recent discussion about this, as of last week, including Marten’s opinion (the author of our HTTP/3 lib):

If there is a vulnerability there, it is orthogonal to the web server and likely more of an application concern. (Replay attacks are not unique to 0-RTT.)

2 Likes