[openssl-users] Using TCP Fast Open with OpenSSL

Sara Dickinson sara at sinodun.com
Wed Jan 20 14:27:25 UTC 2016


I have recently been adding support for TLS using OpenSSL to a client application. When using TCP the application uses TCP Fast Open (TFO) as described in this RFC: https://tools.ietf.org/html/rfc7413. TFO is currently available for clients on both Linux and OS X; however, the socket API changes for TFO are different on the 2 platforms.

I have TFO + TLS (using OpenSSL) working on OS X. However, because of the specifics of the TFO implementation on Linux, I can’t see how to get that working with OpenSSL. On Linux, using TFO requires that
- the connect() call is skipped entirely
- the first data sent on the connection must be sent using the sendto() function passing in the MSG_FASTOPEN flag. This sendto() call takes care of both the TCP handshake, and sending the data as payload in the SYN.

I may well be missing something, but I can’t see any way to use this in combination with the OpenSSL API, because the SSL_connect()/SSL_do_handshake() functions rely on the underlying socket already being set up and ready to accept a 'write'. Does anyone know of a solution/workaround, or a plan to add support for client TFO to OpenSSL?
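
The Linux client pattern described in this message, written out in C as an added example (not code from the original post or from OpenSSL). The helper name `tfo_connect_send` and the fallback to `connect()` when the kernel refuses the flag are assumptions of this example.

```c
/* Added example: Linux client-side TCP Fast Open with a classic fallback. */
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef MSG_FASTOPEN
#define MSG_FASTOPEN 0x20000000 /* Linux value, for older libc headers */
#endif

/* Hypothetical helper: open a TCP connection to dst and send the first
 * bytes. Tries TFO first (no connect() call); if the kernel refuses,
 * falls back to connect() + send(). Returns the connected socket fd, or
 * -1 on error. *used_tfo is 1 when the sendto(MSG_FASTOPEN) call succeeded. */
int tfo_connect_send(const struct sockaddr_in *dst, const void *buf,
                     size_t len, int *used_tfo)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;

    /* One call starts the TCP handshake and hands over the first data:
     * it rides in the SYN when a TFO cookie for dst is cached, otherwise
     * it is sent once the handshake completes. */
    ssize_t n = sendto(fd, buf, len, MSG_FASTOPEN | MSG_NOSIGNAL,
                       (const struct sockaddr *)dst, sizeof(*dst));
    *used_tfo = (n >= 0);

    if (n < 0 && (errno == EOPNOTSUPP || errno == ENOTCONN || errno == EPIPE)) {
        /* Client TFO disabled (net.ipv4.tcp_fastopen) or the flag is not
         * understood: classic connect(), then an ordinary send(). */
        if (connect(fd, (const struct sockaddr *)dst, sizeof(*dst)) == 0)
            n = send(fd, buf, len, MSG_NOSIGNAL);
    }
    if (n != (ssize_t)len) { /* error or short write: treat as failure */
        close(fd);
        return -1;
    }
    return fd;
}
```

The caller has to supply the first bytes itself, which is the mismatch with SSL_connect()/SSL_do_handshake() raised above.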


