caddyhttp: Option to disable 0-RTT (#7485)

2026-05-13 09:06:41 +00:00 · 2026-02-16 12:20:47 -05:00 · 2026-02-16 12:20:47 -05:00 · d64c7e67a4
commit d64c7e67a4
parent ff4f79aebe
4 changed files with 35 additions and 4 deletions
--- a/listeners.go
+++ b/listeners.go
@ -511,7 +511,7 @@ func JoinNetworkAddress(network, host, port string) string {
 //
 // NOTE: This API is EXPERIMENTAL and may be changed or removed.
 // NOTE: user should close the returned listener twice, once to stop accepting new connections, the second time to free up the packet conn.
-func (na NetworkAddress) ListenQUIC(ctx context.Context, portOffset uint, config net.ListenConfig, tlsConf *tls.Config, pcWrappers []PacketConnWrapper) (http3.QUICListener, error) {
+func (na NetworkAddress) ListenQUIC(ctx context.Context, portOffset uint, config net.ListenConfig, tlsConf *tls.Config, pcWrappers []PacketConnWrapper, allow0rttconf *bool) (http3.QUICListener, error) {
 	lnKey := listenerKey("quic"+na.Network, na.JoinHostPort(portOffset))

 	sharedEarlyListener, _, err := listenerPool.LoadOrNew(lnKey, func() (Destructor, error) {
@ -550,10 +550,14 @@ func (na NetworkAddress) ListenQUIC(ctx context.Context, portOffset uint, config
 			Conn:                h3ln,
 			VerifySourceAddress: func(addr net.Addr) bool { return !limiter.Allow() },
 		}
+		allow0rtt := true
+		if allow0rttconf != nil {
+			allow0rtt = *allow0rttconf
+		}
 		earlyLn, err := tr.ListenEarly(
 			http3.ConfigureTLSConfig(quicTlsConfig),
 			&quic.Config{
-				Allow0RTT: true,
+				Allow0RTT: allow0rtt,
 				Tracer:    h3qlog.DefaultConnectionTracer,
 			},
 		)