[gnutls-devel] TCP Fast Open

Tim Ruehsen tim.ruehsen at gmx.de
Thu Jul 21 16:06:17 CEST 2016

On Thursday, July 21, 2016 3:34:11 PM CEST Nikos Mavrogiannopoulos wrote:
> On Wed, Jul 20, 2016 at 1:06 PM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
> >> > I just wanted to mention that I recently added TFO in Wget2 using
> >> > GnuTLS
> >> > (tested on Linux, speedup ~ 1xRTT).
> >> 
> >> Hi Tim,
> >> 
> >>  That sounds great. Did you combine that with other optimizations such
> >> 
> >> as session resumption and false start?
> > 
> > I just did combine TFO with False Start in wget2 - and yes, it is another
> > 1xRTT speedup !
> One question with that. Do you plan to enable it unconditionally or
> conditionally if some state is known about the server? I know that
> google has done quite some experiments with false start and chrome and
> they only enable it on specific servers. The reason I believe is that
> certain middle-boxes choke when a finished message is followed by
> application data.

Thanks for the hint !

I would like to enable it by default...
Everybody wants 0RTT for TLS a.s.a.p., middle boxes just have to work :-) .

But of course we have to be careful for the near future.

I will need to make lot's of tests before I can decide. But for now (during 
development / pre-release), I have these feature enabled by default.

BTW, just testing False Start together with session resumption (with GnuTLS 
3.5 / master)... as it turns out, after handshake returns there is no session 
data yet. I guess it is available after the first read !? Or what is the best 
time to retrieve it ?

Regards, Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160721/53272788/attachment.sig>

More information about the Gnutls-devel mailing list