id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1718	More info on ssl_early_data security	Sam Bull		"I'm looking at the RFC relating to 0-RTT, and trying to understand how ssl_early_data can be used safely.

If I understand correctly, the main replay issues are not an issue for idempotent actions. Therefore it should be safe to enable for static assets and any pages with fastcgi_cache enabled, etc.

However, it also talks about indirect attacks from a large number of replays, and says that a server ""MUST ensure that it would accept 0-RTT for the same 0-RTT handshake at most once"".

So, my question is: Does Nginx meet this last requirement? And, please add this information to the ssl_early_data documentation."	enhancement	closed	minor		documentation	1.15.x	invalid				nginx
