DevToolbox

HTTP 425 Too Early

The server is unwilling to risk processing a request that might be replayed.

4xx Client Error

425

Too Early

Description

The 425 Too Early status code indicates that the server is unwilling to risk processing a request that might be replayed. This status code is used with TLS 1.3 Early Data (0-RTT). In TLS 1.3, clients can send data in the first message of the TLS handshake (0-RTT), which reduces latency. However, this early data is susceptible to replay attacks. A server that receives a request in early data can respond with 425 to indicate that the client should retry the request after the TLS handshake has completed, when replay protection is available.

When Is It Used?

Encountered with TLS 1.3 early data (0-RTT requests) where the server cannot guarantee the request is not a replay. The server asks the client to wait for the full TLS handshake before retrying.

Example Response

HTTP/1.1 425 Too Early
Content-Type: text/plain

This request cannot be processed using early data. Please retry.

Related Status Codes

400

Bad Request

The server cannot process the request due to a client error.

503

Service Unavailable

The server is currently unable to handle the request due to temporary overload or maintenance.

Look Up Any Status Code

Browse all status codes