[openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

Sara Dickinson via RT rt at openssl.org
Tue Jan 26 14:17:57 UTC 2016


> On 25 Jan 2016, at 18:42, Kurt Roeckx via RT <rt at openssl.org> wrote:
> 
> On Mon, Jan 25, 2016 at 06:24:55PM +0000, Sara Dickinson via RT wrote:
>> Hi,
>> 
>> I would like to request that support be added to OpenSSL to enable client applications to make use of TCP Fast Open (https://tools.ietf.org/html/rfc7413) when initiating the TLS handshake on Linux (TCP Fast Open is available in Linux kernel > 4.1).
> 
> I've seen that request, and I have thought about it.  I'm just
> wondering if that comes with security consequences, like replay
> attacks.  

Not that I am aware of. I’ve seen the question of security vulnerabilities of TFO raised a few times but never with any concrete examples, just speculation. I’ve also observed Chromium using TFO with TLS.  

I can take the question to the TCPM and/or TLS WG if that is helpful?

Sara. 




