http3: improve description of 0-RTT request replays (#64)

quic-go · Jul 2, 2024 · d45afe4 · d45afe4
1 parent 516d8e9
commit d45afe4
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/content/docs/http3/server.md b/content/docs/http3/server.md
@@ -101,15 +101,15 @@ To allow the client to immediately make use of the settings, the SETTINGS frame
 
 By default, the `http3.Server` enables 0-RTT support on the QUIC layer, thereby allowing clients to send requests using 0-RTT. When using a user-provided `quic.Config`, 0-RTT is only enabled when the `Allow0RTT` config flag is set.
 
-An `http.Handler` can determine if a request was likely sent in 0-RTT by examining the `tls.ConnectionState` associated with the request.
+An `http.Handler` can determine if a request was received before completion of the handshake by examining the `tls.ConnectionState` associated with the request.
 ```go
 func(w http.ResponseWriter, r *http.Request) {
-	wasLikely0RTT := !r.TLS.HandshakeComplete
+	wasPotentiallyReplayed := !r.TLS.HandshakeComplete
 }
 ```
 
-{{< callout type="warning" >}}
-  This is not a 100% reliable way of telling if a request was (fully or partially) sent in 0-RTT data. The `tls.ConnectionState` is obtained from the `quic.Connection` when the request stream is accepted. There's a race condition here: The QUIC STREAM frames might have been sent in 0-RTT, but the handshake could have completed before the HTTP/3 was able to accept the stream.
+{{< callout type="info" >}}
+  As soon as the QUIC handshake completes, it is certain that any HTTP requests sent on the connection were not replayed, even if they were sent in 0-RTT data.
 {{< /callout >}}