Makes sense to me.

Was just working on an implementation but hit a roadblock:
https://github.com/bluejekyll/trust-dns/blob/fba0c67f8fd65956bc4eb8ca95c04ccd5314088e/crates/proto/src/quic/quic_client_stream.rs#L244
https://github.com/bluejekyll/trust-dns/blob/fba0c67f8fd65956bc4eb8ca95c04ccd5314088e/crates/proto/src/quic/quic_client_stream.rs#L254-L261

There is currently no way to get that information out of an Endpoint. I was about to make a PR to Quinn to expose the default client configuration from Endpoint, but that didn't seem to actually help, because quinn::Endpoint stores these as dyn quinn::crypto::ClientConfig, which doesn't require Any so I can't upcast it.

So an easy solution that comes to mind is to extend quinn::crypto::ClientConfig with a method that returns if early data is enabled or not.

That said, I have the suspicion that this check isn't needed in the first place because I think that quinn::Connecting::into_0rtt() doesn't succeed if rustls::client::ClientConfig::enable_early_data isn't enabled in the first place?

Any guidance would be appreciated.

That said, I have the suspicion that this check isn't needed in the first place because I think that quinn::Connecting::into_0rtt() doesn't succeed if rustls::client::ClientConfig::enable_early_data isn't enabled in the first place?

That sounds right, and I think I figured out how it works:

• [quinn::Connecting::into_0rtt()] calls quinn_proto::Connection::has_0rtt(), which yields the value from Connection::zero_rtt_enabled.
• That value is set in quinn_proto::Connection::init_0rtt(), which calls into crypto::Session::early_crypto() to decide if early data is enabled.
• The <quinn::crypto::rustls::TlsSession as quinn::crypto::Session>::early_crypto() implementation calls rustls::quic::ConnectionCommon<Data>::zero_rtt_keys().
• This gets the early secret from common_state.quic.early_secret, which is set in rustls::KeyScheduleEarly::client_early_traffic_secret(). However, that mentions the 0-RTT secret will be clobbered by ExtensionProcessing if 0-RTT should be rejected (but this only applies on the server).
• On the client, client_early_traffic_secret() gets called from rustls::client::tls13::derive_early_traffic_secret.
• This in turn gets called from rustls::client::hs::emit_client_hello_for_retry(), after an early return for !cx.data.early_data.is_enabled().