[gnutls-devel] TCP Fast Open
Tim Ruehsen
tim.ruehsen at gmx.de
Thu Jul 21 16:06:17 CEST 2016
On Thursday, July 21, 2016 3:34:11 PM CEST Nikos Mavrogiannopoulos wrote:
> On Wed, Jul 20, 2016 at 1:06 PM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
> >> > I just wanted to mention that I recently added TFO in Wget2 using
> >> > GnuTLS
> >> > (tested on Linux, speedup ~ 1xRTT).
> >>
> >> Hi Tim,
> >>
> >> That sounds great. Did you combine that with other optimizations such
> >>
> >> as session resumption and false start?
> >
> > I just did combine TFO with False Start in wget2 - and yes, it is another
> > 1xRTT speedup !
>
> One question with that. Do you plan to enable it unconditionally or
> conditionally if some state is known about the server? I know that
> google has done quite some experiments with false start and chrome and
> they only enable it on specific servers. The reason I believe is that
> certain middle-boxes choke when a finished message is followed by
> application data.
Thanks for the hint !
I would like to enable it by default...
Everybody wants 0RTT for TLS a.s.a.p., middle boxes just have to work :-) .
But of course we have to be careful for the near future.
I will need to make lot's of tests before I can decide. But for now (during
development / pre-release), I have these feature enabled by default.
BTW, just testing False Start together with session resumption (with GnuTLS
3.5 / master)... as it turns out, after handshake returns there is no session
data yet. I guess it is available after the first read !? Or what is the best
time to retrieve it ?
Regards, Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20160721/53272788/attachment.sig>
More information about the Gnutls-devel
mailing list