
DETECTION OVERVIEW

TLS 1.3 Early Data Connection

Risk Factors

To reduce latency for resumed TLS connections, TLS 1.3 lets clients send application data together with the first flight of the handshake, known as early data or zero round trip time (0-RTT) data. Early data is protected with a pre-shared key (PSK) established in a previous TLS 1.3 connection, and the server cannot tell whether a given early-data request is the client's original or a copy. An attacker that intercepts HTTPS traffic can therefore replay a request carried in early data if anti-replay techniques are not enabled on the web server. A successful replay can cause the server to re-execute the captured request within a resumed TLS session the attacker did not legitimately establish.

Kill Chain: Hardening

Risk Score: 67


Attack Background

Mitigation Options

Implement anti-replay techniques, such as delaying processing of early data until the TLS handshake completes, or responding with the 425 (Too Early) status code, which forces the client to resubmit the individual request after the handshake.
If anti-replay techniques cannot be implemented, disable support for TLS early data on the server, which rejects all requests carried in early data.
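As an added illustration of the 425 (Too Early) option above, not part of the original detection text: a small WSGI guard that lets idempotent 0-RTT requests through and answers 425 for anything that could change state if replayed. It assumes the TLS terminator forwards the early-data indicator as an `Early-Data: 1` request header (nginx exposes this via `$ssl_early_data`, e.g. `proxy_set_header Early-Data $ssl_early_data;`); the demo app and the sample requests are constructed for this example.

```python
"""WSGI guard applying RFC 8470-style handling to TLS 1.3 0-RTT requests.

Assumption: the reverse proxy that terminates TLS adds ``Early-Data: 1``
to requests that arrived in early data (WSGI exposes this as HTTP_EARLY_DATA).
"""
from http import HTTPStatus

# Methods that are safe to execute even if an attacker replays them.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})


def in_early_data(environ):
    """True when the proxy marked this request as arriving in 0-RTT data."""
    return environ.get("HTTP_EARLY_DATA", "").strip() == "1"


def classify_request(method, environ):
    """Return the status to send for an early-data request, or None to proceed."""
    if not in_early_data(environ) or method.upper() in SAFE_METHODS:
        return None
    # A replayed POST/PUT/DELETE could repeat a state-changing action, so make
    # the client resend it once the handshake has completed (RFC 8470, 425).
    return HTTPStatus.TOO_EARLY


def early_data_guard(app):
    """Wrap a WSGI app so non-safe 0-RTT requests receive 425 Too Early."""
    def wrapper(environ, start_response):
        status = classify_request(environ.get("REQUEST_METHOD", "GET"), environ)
        if status is None:
            return app(environ, start_response)
        start_response(f"{status.value} {status.phrase}",
                       [("Content-Type", "text/plain")])
        return [b"retry after the TLS handshake completes\n"]
    return wrapper


def demo_app(environ, start_response):
    """Constructed backend that would normally handle the request."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def run(method, early):
    """Drive the guarded app with a constructed environ; return the status line."""
    environ = {"REQUEST_METHOD": method}
    if early:
        environ["HTTP_EARLY_DATA"] = "1"
    captured = {}
    start = lambda status, headers: captured.setdefault("status", status)
    b"".join(early_data_guard(demo_app)(environ, start))
    return captured["status"]
```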
