DOC: Be a bit more explicit about allow-0rtt security implications.
Document a bit better that allow-0rtt can trivially be used for replay attacks,
and so should only be used when it's safe to replay a request.
This should probably be backported to 1.8 and 1.9.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 2447254..888515f 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -10768,7 +10768,10 @@
allow-0rtt
Allow receiving early data when using TLSv1.3. This is disabled by default,
- due to security considerations.
+ due to security considerations. Because it is vulnerable to replay attacks,
+ you should only allow if for requests that are safe to replay, ie requests
+ that are idempotent. You can use the "wait-for-handshake" action for any
+ request that wouldn't be safe with early data.
alpn <protocols>
This enables the TLS ALPN extension and advertises the specified protocol
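Review bot: the second added line has a typo: "you should only allow if for requests" should read "you should only allow it for requests", and "ie" would be clearer as "i.e.". The new text also names the "wait-for-handshake" action without saying which rule set it belongs to or pointing to where it is documented in this file, so someone reading only the allow-0rtt entry cannot tell where to configure the mitigation; a short cross-reference would help. It may also be worth a few words on what "safe to replay" means for the operator, since the entry now relies on the reader judging which requests are idempotent.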