DOC: ssl: Document the restrictions on 0RTT.

Document that with QUIC, 0RTT only works with OpenSSL >= 3.5.2 and AWS-LC, and for TLS/TCP, it only works with OpenSSL, and frontends require that an ALPN be sent by the client to use the early data before the handshake.
2026-05-04 04:31:49 +02:00 · 2025-11-25 11:02:21 +01:00 · 2025-11-25 11:02:21 +01:00 · f867068dc7
commit f867068dc7
parent 91eb9b082b
1 changed files with 6 additions and 0 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -16513,6 +16513,10 @@ allow-0rtt
  you should only allow if for requests that are safe to replay, i.e. requests
  that are idempotent. You can use the "wait-for-handshake" action for any
  request that wouldn't be safe with early data.
+  With QUIC, 0rtt is supported with OpenSSL >= 3.5.2 and AWS-LC. With TCP/TLS,
+  0rtt is only supported with OpenSSL, and requires that the client sends an
+  ALPN, otherwise the early data won't be considered before the handshake
+  happens.

 alpn <protocols>
  This enables the TLS ALPN extension and advertises the specified protocol
@ -17741,6 +17745,8 @@ allow-0rtt
  Allow sending early data to the server when using TLS 1.3.
  Note that early data will be sent only if the client used early data, or
  if the backend uses "retry-on" with the "0rtt-rejected" keyword.
+  With QUIC, 0rtt is supported with OpenSSL >= 3.5.2 and AWS-LC. With TCP/TLS,
+  0rtt is only supported with OpenSSL.

 alpn <protocols>
  May be used in the following contexts: tcp, http