0-RTT Handshakes


0-RTT Handshakes is a TLS 1.3 TLS Handshake proposal to let clients encrypt application data and include it in their first flights.

On a previous connection, after the handshake completes, the server would send a TLS Server Configuration message that the client can use for 0-RTT Handshakes on subsequent connections.

The TLS Server Configuration includes a configuration identifier, the server's semi-static ECDH parameters, an expiration date, and other details.

With the very first TLS record the client sends its ClientHello and, changing the order of messages, directly appends application data (e.g. HTTP GET / HTTP/1.1). Everything after the ClientHello will be encrypted with the static secret, derived from the client’s Ephemeral Key ShareEntry and the semi-static DH parameters given in the TLS Server Configuration . The end_of_early_data alert indicates the end of the flight.

The server, if able and willing to decrypt, responds with its default set of messages and immediately appends the contents of the requested resource. That is the same round-trip time as for an unencrypted HTTP request. All communication following the ServerHello will again be encrypted with the ephemeral secret, derived from the client’s and server’s Ephemeral Key shares. After exchanging Finished messages the server will be re-authenticated, and traffic encrypted with keys derived from the Master Secret.

More Information#

There might be more information for this subject on one of the following: