[openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

Kurt Roeckx via RT rt at openssl.org
Mon Jan 25 18:42:02 UTC 2016


On Mon, Jan 25, 2016 at 06:24:55PM +0000, Sara Dickinson via RT wrote:
> Hi,
> 
> I would like to request that support be added to OpenSSL to enable client applications to make use use of TCP Fast Open (https://tools.ietf.org/html/rfc7413 <https://tools.ietf.org/html/rfc7413>) when initiating the TLS handshake on Linux (TCP Fast Open is available in Linux kernel > 4.1). 

I've seen that request, and I have tought about it.  I'm just
wondering if that comes with security consequences, like replay
attacks.  Specially in combination with what they're doing with
TLS 1.3.

The API clearly doesn't support anything like that currently.


Kurt




More information about the openssl-dev mailing list