0-RTT
Sending application data on the very first packet of a TLS 1.3 or QUIC connection, with zero round-trip handshake delay. Only works for returning visitors who have a cached session ticket.
Full Explanation
Normally, establishing a new HTTPS connection costs 2-3 round trips before any data flows: one for the TCP handshake, plus one for TLS 1.3 or two for TLS 1.2. 0-RTT removes the TLS round trip for returning visitors (and, over QUIC, the transport round trip as well). The client keeps a session ticket from a previous connection to the same server, derives a pre-shared key (PSK) from it, and uses that key to encrypt application data sent alongside its very first ClientHello. Because that key comes from the ticket rather than from a fresh key exchange, 0-RTT data has no forward secrecy; data sent after the handshake completes does.
For CDNs, 0-RTT is significant because it shaves an entire round trip off the connection setup. On a 100ms RTT link, that's 100ms faster. For a mobile user on cellular (200-300ms RTT), it's even more impactful.
The security tradeoff: 0-RTT data can be replayed. An attacker who captures the first flight can resend it later to the same server, or to any other edge node that accepts the same ticket, and the server will decrypt and process it again; a CDN with many edges cannot reliably detect such duplicates across all of them. That is acceptable for requests with no side effects (GET, HEAD, OPTIONS) but dangerous for state-changing ones (POST, PUT, DELETE), and also for a GET that has side effects, such as a logout or "vote" link. CDNs that enable 0-RTT typically accept it only for safe HTTP methods, and RFC 8470 defines the Early-Data: 1 request header so the origin can refuse anything else with 425 Too Early; the client then retries the request once the handshake has completed.
Examples
# TLS 1.3 0-RTT in Nginx
server {
    listen 443 ssl;
    ssl_protocols TLSv1.3;
    ssl_early_data on;   # Enable 0-RTT (requires OpenSSL 1.1.1+ or BoringSSL)
    # Protect against replay attacks: tell the backend which requests arrived
    # as early data. $ssl_early_data is "1" while the TLS handshake is still
    # incomplete and empty otherwise; proxy_set_header overwrites any Early-Data
    # header a client may have sent on its own.
    proxy_set_header Early-Data $ssl_early_data;
    # Backend checks this header and answers non-safe requests
    # carrying Early-Data: 1 with 425 Too Early (RFC 8470)
}
# QUIC 0-RTT for HTTP/3 (QUIC always uses TLS 1.3; the same directive applies,
# 0-RTT is not on by default)
server {
    listen 443 quic;
    http3 on;
    ssl_early_data on;
    # forward the same Early-Data header to the backend as above
}
# Test with curl (>= 8.11.0, built with HTTP/3 support). curl's TLS session
# cache is in-memory only, so request the URL twice in one invocation: the
# first fetch obtains the session ticket, the second can send 0-RTT.
$ curl -v --http3 --tls-earlydata https://cdn.example.com/ https://cdn.example.com/
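The origin-side check that the nginx comment refers to, as an added example (not code from nginx, from any CDN, or from RFC 8470 itself): a WSGI middleware that reads the Early-Data header set by the TLS-terminating proxy and answers 425 Too Early for any request that is not safe, plus an allow-list hook for GET endpoints that still have side effects. The middleware shape, demo_app, the run_request helper and the /logout path are assumptions for illustration; the header name and status code are from RFC 8470.

```python
"""0-RTT replay guard for an origin behind a TLS-terminating proxy that sets
`Early-Data: 1` on requests delivered before the handshake completed
(nginx: proxy_set_header Early-Data $ssl_early_data).

Added example, not from nginx or any CDN. Status 425 and the Early-Data
header come from RFC 8470; everything else is illustrative."""

# Methods RFC 9110 defines as safe (no server-side side effects by contract).
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "TRACE"})


def is_early_data(environ):
    """True when the proxy flagged this request as TLS 1.3 / QUIC early data.

    Only trust this because the proxy overwrites the header; a client could
    otherwise send `Early-Data: 1` itself (harmless: it only causes a 425)."""
    return environ.get("HTTP_EARLY_DATA", "").strip() == "1"


def should_reject_early(method, path, early_data, unsafe_paths=frozenset()):
    """Decide whether a request that arrived in 0-RTT must be refused.

    unsafe_paths is an allow-list of nominally safe endpoints that do have
    side effects (e.g. GET /logout) and therefore must not be replayable."""
    if not early_data:
        return False  # handshake complete: the data cannot be replayed
    if method.upper() not in SAFE_METHODS:
        return True  # POST/PUT/DELETE/PATCH in early data: replay changes state
    return path in unsafe_paths


def early_data_guard(app, unsafe_paths=frozenset()):
    """WSGI middleware: 425 Too Early for replay-sensitive 0-RTT requests."""

    def guarded(environ, start_response):
        method = environ.get("REQUEST_METHOD", "GET")
        path = environ.get("PATH_INFO", "/")
        if should_reject_early(method, path, is_early_data(environ), unsafe_paths):
            # RFC 8470: the client retries the same request after the
            # handshake completes, without early data.
            body = b"425 Too Early: retry after the TLS handshake completes\n"
            start_response(
                "425 Too Early",
                [("Content-Type", "text/plain"),
                 ("Content-Length", str(len(body)))],
            )
            return [body]
        return app(environ, start_response)

    return guarded


def demo_app(environ, start_response):
    """Stand-in origin application (assumption)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def run_request(app, method, path, early_data):
    """Drive a WSGI app with a constructed environ; returns (status, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if early_data:
        environ["HTTP_EARLY_DATA"] = "1"  # what nginx's proxy_set_header yields
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    body = b"".join(app(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    app = early_data_guard(demo_app, unsafe_paths=frozenset({"/logout"}))
    for method, path, early in [("GET", "/", True), ("POST", "/transfer", True),
                                ("POST", "/transfer", False), ("GET", "/logout", True)]:
        status, _ = run_request(app, method, path, early)
        print(f"{method} {path} early_data={early}: {status}")
```

A CDN edge that terminates TLS for many origins would apply the same rule at the edge (either refusing the method in 0-RTT or buffering it until the handshake finishes), but the origin should keep its own check, since only it knows which nominally safe URLs actually mutate state.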
Related CDN concepts include:
- HTTP/3 — The latest HTTP version, built on QUIC instead of TCP. Eliminates TCP head-of-line blocking, enables …
- QUIC — A transport protocol built on UDP that replaces TCP for HTTP/3. Provides built-in encryption, eliminates …
- RTT (Round-Trip Time) — The time it takes for a packet to travel from client to server and back. …
- TLS (Transport Layer Security) — The encryption protocol that secures HTTPS connections. TLS encrypts data in transit between client and …
- TTFB (Time To First Byte) — The time from the start of a request to receiving the first byte of the …