1

As modern systems, especially for micro-services, connection pooling for HTTP client is quite often deployed. But with the QUIC + TLS1.3, it seems like to me that connection pooling would be useless as there is support for 0-RTT in QUIC.

Is any QUIC expert available to share more on this topic?

MJ.L
  • 13
  • 2

1 Answers1

0

It's still valid, because:

  • a 0-RTT request is more computentionally expensive on both the client as well as the server side than just reusing the connection, since all private key crypto operations and certificate checks still apply
  • 0-RTT requests can introduce security issues due to providing a chance for replay attacks (see https://tools.ietf.org/html/draft-ietf-quic-tls-34#section-9.2). Without using the 0-RTT feature a QUIC handshake still requires 1-RTT.

However since QUIC already provides multiplexing multiple requests on a stream the client should not be required to keep a full pool of connections around. A single connection is typically sufficient, as long as the server advertises being able to support a high enough number of streams.

Matthias247
  • 8,111
  • 1
  • 14
  • 25