HTTP/3 0-RTT Connection Setup Explained
Learn how HTTP/3 achieves 0-RTT connection establishment through QUIC, eliminating round trips for returning visitors and dramatically reducing time to first byte.
Detailed Explanation
0-RTT: The Fastest Possible Connection
One of HTTP/3's most impressive features is the ability to send application data on the very first packet of a connection, achieving 0 round-trip time (0-RTT) for returning visitors.
How Connection Setup Evolved
HTTP/1.1 + TLS 1.2: 3 round trips minimum
- TCP SYN/SYN-ACK/ACK (1 RTT)
- TLS ClientHello/ServerHello (1 RTT)
- TLS key exchange (1 RTT)
HTTP/2 + TLS 1.3: 2 round trips
- TCP handshake (1 RTT)
- TLS 1.3 handshake with 0-RTT data (1 RTT)
HTTP/3 (QUIC) first connection: 1 round trip
- QUIC combines transport and crypto handshake (1 RTT)
HTTP/3 (QUIC) returning visitor: 0 round trips
- QUIC 0-RTT uses previously cached keys to send data immediately
How 0-RTT Works
When a client first connects to a server via QUIC, the server provides a session ticket and transport parameters. On the next visit, the client encrypts early data using the cached ticket and sends it alongside the QUIC handshake — no waiting.
First visit: Returning visit:
Client Server Client Server
|----->| (1) |--data->| (0)
|<-----| |<-------|
|--data>| |--data->|
|<-----| |<-------|
3 pkts before Data sent on
first data first packet!
Security Considerations
0-RTT data is vulnerable to replay attacks. An attacker who captures the initial packet could resend it. For this reason, servers should only accept 0-RTT data for idempotent operations (GET requests, not POST). Most QUIC implementations enforce this restriction.
Use Case
0-RTT is most impactful for latency-sensitive applications with returning users: news websites, e-commerce sites, and APIs called repeatedly from mobile apps. On a 100ms RTT connection, 0-RTT saves 200-300ms of connection setup time, which can be the difference between a fast and sluggish experience.