[openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

Viktor Dukhovni openssl-users at dukhovni.org
Mon Jan 25 18:51:11 UTC 2016


On Mon, Jan 25, 2016 at 06:42:02PM +0000, Kurt Roeckx via RT wrote:

> On Mon, Jan 25, 2016 at 06:24:55PM +0000, Sara Dickinson via RT wrote:
> > Hi,
> > 
> > I would like to request that support be added to OpenSSL to enable client applications to make use of TCP Fast Open (https://tools.ietf.org/html/rfc7413) when initiating the TLS handshake on Linux (TCP Fast Open is available in Linux kernel > 4.1).
> 
> I've seen that request, and I have thought about it.  I'm just
> wondering if that comes with security consequences, like replay
> attacks.  Especially in combination with what they're doing with
> TLS 1.3.
> 
> The API clearly doesn't support anything like that currently.

No security impact.  Just a saving of 1-RTT on "warm" TCP reconnects.

If the client's first flight payload also carries 0-RTT TLS 1.3
data, the exposure is the same whether TCP fast open is used or
not.

-- 
	Viktor.

