问题
I'm preparing to turn on nginx ssl_early_data to enable RTT-0 with TLS 1.3.
I understand that, if I don't do it right, replay attacks become possible. I understand that, to prevent this, you need to also use $ssl_early_data
Requests sent within early data are subject to replay attacks. To protect against such attacks at the application layer, the $ssl_early_data variable should be used.
What I don't understand is if it's enough to put this directive in the nginx configuration or if/how the PHP application on my server should somehow use this $ssl_early_data variable and do some additional checks.
来源:https://stackoverflow.com/questions/63098503/ssl-early-data-from-nginx-should-the-application-use-it-somehow