---
c: Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
SPDX-License-Identifier: curl
Long: tls-earlydata
Help: Allow use of TLSv1.3 early data (0RTT)
Protocols: TLS
Added: 8.11.0
Category: tls
Multi: boolean
See-also:
  - tlsv1.3
  - tls-max
Example:
  - --tls-earlydata $URL
---

# `--tls-earlydata`

Enable the use of TLSv1.3 early data, also known as '0RTT', where possible.
This has security implications for the requests sent that way.

This option is used when curl is built to use GnuTLS.

Whether a server supports this TLSv1.3 feature, and to what extent, is
announced as part of the TLS "session" sent back to curl. Until curl has seen
such a session in a previous request, early data cannot be used.

When a new connection is initiated with a known TLSv1.3 session, and that
session announced early data support, the first request on this connection is
sent *before* the TLS handshake is complete. While the early data is also
encrypted, it is not protected against replays. An attacker can send
your early data to the server again and the server would accept it.

If your request contacts a public server and only retrieves a file, there
may be no harm in that. If the first request orders a refrigerator
for you, it is probably not a good idea to use early data for it. curl
cannot deduce what the security implications of your requests actually
are and make this decision for you.

**WARNING**: this option has security implications. See above for more
details.

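
One way to make that decision per command line, as an added example that is not part of curl or its documentation: a fail-closed shell check that passes `--tls-earlydata` only when the arguments describe a body-less GET or HEAD. The function names `request_is_replay_safe` and `curl_earlydata` are hypothetical, and treating GET/HEAD as replay-tolerant is an assumption that must hold for the server being contacted.

```shell
# Added example (not part of curl). Assumption: only a body-less GET or HEAD
# is treated as tolerating replay; the server must actually behave that way.

# Returns 0 if the curl arguments describe a plain GET/HEAD, 1 otherwise.
request_is_replay_safe() {
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -X|--request)
                # Method is the next argument; a missing value is unsafe.
                [ "$#" -ge 2 ] || return 1
                case "$2" in GET|HEAD) ;; *) return 1 ;; esac
                shift ;;
            -X?*)
                # Attached form such as -XPOST.
                case "${1#-X}" in GET|HEAD) ;; *) return 1 ;; esac ;;
            --data|--data-*|--json|--form|--form-string|--upload-file)
                return 1 ;;  # request carries a body
            -K|--config)
                return 1 ;;  # config file may add any option; not inspected
            -[dFTK]*|-[!-]*[dFTKX]*)
                # Short option, or a cluster of them, that may contain
                # -d, -F, -T, -K or -X. This can over-match (for example
                # -oTmp); the only cost is a normal full handshake.
                return 1 ;;
        esac
        shift
    done
    return 0
}

# Hypothetical wrapper: early data only for requests judged replay-tolerant.
curl_earlydata() {
    if request_is_replay_safe "$@"; then
        curl --tls-earlydata "$@"
    else
        curl "$@"
    fi
}
```

The check only reads the command line, so a GET that triggers a state change on the server still has to be excluded by whoever calls the wrapper.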