ttfb
ttfb copied to clipboard
phip1611
Add 0-RTT
When it's safe to use, 0-RTT can significantly reduce the TTFB. Measuring savings can help inform the cost-effectiveness of implementing safeguards against replay attacks and adopting 0-RTT; this tool is in the perfect position to help.
Hey @Seirdy , thanks for the interest in my library. Can you please provide some more context regarding 0-RTT? Never really heard about it, TBH.
It allows servers to start sending data before completing a TLS handshake. Significantly reduces the TTFB over TLS, as only one round-trip is required (no extra round-trips with QUIC!).
- TLS 1.3 Specification, section 2.3. Appendix E5 describes security considerations.
- More info in the context of QUIC is in RFC 9001 section 4.6.
- Cloudflare blog post
- More info security considerations. Most idempotent content (such as static content) should be safe.
Does this require QUIC or does it also work with HTTP/1.1? That's not entirely clear to me?
I'm unsure how to implement this. Currently, the TLS connection is backed up by rustls. It seems to have 0-rtt support.
Unfortunately, I do not have the capacity now or in the next weeks to work on that. But I'd be happy to with reviewing contributions and eventually merging them.
On the long term, I'd like to have a CLI like this:
ttfb [--http11] [--http2] [--http3] [--quic]
including 0-RTT (possible via CLI flag) - but it takes some effort to do this.