TLS 1.3 early data where to put $ssl_early_data

Question

I've set ssl_early_data on; to my nginx.conf (inside http { }) and according to these commands,

echo -e "HEAD / HTTP/1.1\r\nHost: $host\r\nConnection: close\r\n\r\n" > request.txt
openssl s_client -connect example.tld:443 -tls1_3 -sess_out session.pem -ign_eof < request.txt
openssl s_client -connect example.tld:443 -tls1_3 -sess_in session.pem -early_data request.txt

it does work properly.
According to the nginx documentation (https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data), it is recommended to set proxy_set_header Early-Data $ssl_early_data;.
My question is: Where do I set this? Right after ssl_early_data on;, still inside http { }?

You should place it in the same block as your other `proxy_set_header` statements, otherwise it will be ignored. — Richard Smith, Jul 13 '20 at 12:34
I'm not entirely sure that settings the directive is enough is prevent the reply attacks. Check this https://stackoverflow.com/questions/63098503/ssl-early-data-from-nginx-should-the-application-use-it-somehow — Dr. Gianluigi Zane Zanettini, Jul 26 '20 at 09:47

score 2 · Accepted Answer · answered Nov 17 '21 at 15:22

You should pass Early-Data to your application. So you must have something like:

http {

   ...
   # Enabling 0-RTT
   ssl_early_data on;
   ...

   server {
      ...
      # Passing it to the upstream
      proxy_set_header Early-Data $ssl_early_data;
   }

}

Otherwise, you can render you application vulnerable to Replay Attacks: https://blog.trailofbits.com/2019/03/25/what-application-developers-need-to-know-about-tls-early-data-0rtt/

TLS 1.3 early data where to put $ssl_early_data

1 Answers1