[openssl-dev] [openssl.org #4271] Enhancement Request: Support TCP Fast Open

Kurt Roeckx via RT rt at openssl.org
Tue Jan 26 21:05:40 UTC 2016


On Tue, Jan 26, 2016 at 02:17:57PM +0000, Sara Dickinson via RT wrote:
> 
> > On 25 Jan 2016, at 18:42, Kurt Roeckx via RT <rt at openssl.org> wrote:
> > 
> > On Mon, Jan 25, 2016 at 06:24:55PM +0000, Sara Dickinson via RT wrote:
> >> Hi,
> >> 
> >> I would like to request that support be added to OpenSSL to enable client applications to make use of TCP Fast Open (https://tools.ietf.org/html/rfc7413) when initiating the TLS handshake on Linux (TCP Fast Open is available in Linux kernel > 4.1).
> > 
> > I've seen that request, and I have thought about it.  I'm just
> > wondering if that comes with security consequences, like replay
> > attacks.  
> 
> Not that I am aware of. I've seen the question of security vulnerabilities of TFO raised a few times but never with any concrete examples, just speculation. I've also observed Chromium using TFO with TLS.  

It's just that I've seen this speculation at other places, and
didn't understand it.

> I can take the question to the TCPM and/or TLS WG if that is helpful?

I don't think it's needed.


Kurt



