As a protocol feature baked into TLS 1.3, 0-RTT (Zero Round-Trip Time) helps clients more quickly establish secure connections via key exchanges with the server. The data that traverses this connection is cryptographically protected, and there's no need to share key exchange protocol messages before transmission.
0-RTT provides perfect forward secrecy since encryption and decryption keys are changed automatically and often. This constant refresh cycle strengthens security and minimizes secure data leakage during a hack.
How does 0-RTT work?
The 0-RTT process works in three steps:
Client "Hello" – The client packages together 0-RTT data (occasionally from a previous session, if possible) with a "client hello" message to the server. Any sent data is encrypted and requires a shared secret for decryption.
Server "Hello" – Upon receiving the client's initial message, the server will verify the client's identity and then decrypt any received data. This requires the server to recognize the client and the encrypted data.
Server response – The server sends a response to the client.
Since the encrypted data arrives alongside the handshake, a network round trip is saved. However, organizations must still watch out for targeted replay attacks, in which attackers intercept original client messages and attempt to read them. While no security solution is perfect, cryptography helps maintain data integrity and privacy.
Does HAProxy support 0-RTT?
Yes! HAProxy has long supported 0-RTT since HAProxy 1.8. If the client uses 0-RTT, then HAProxy will also connect to backend servers using the same method. You only need to compile your version of HAProxy with OpenSSL 1.1.1+ and add a simple line within your bind or server configurations.
To learn more about using 0-RTT with HAProxy, read our TLS 1.3 and 0-RTT blog post or read our configuration documentation to understand defaults and security considerations.