[openssl-users] Using TCP Fast Open with OpenSSL

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jan 20 16:55:17 UTC 2016

> On Jan 20, 2016, at 9:27 AM, Sara Dickinson <sara at sinodun.com> wrote:
> I have TFO + TLS (using OpenSSL) working on OS X. However, because of the specifics of the TFO implementation on Linux, I can’t see how to get that working with OpenSSL. On Linux using TFO requires that
> - the connect() call is skipped entirely
> - the first data sent on the connection must be sent using the sendto() function passing in the MSG_FASTOPEN flag. This sendto() call takes care of both the TCP handshake, and sending the data as payload in the SYN. 
> I may well be missing something, but I can’t see anyway to use this in combination with the OpenSSL API, because the SSL_connect()/SSL_do_handshake() functions rely on the underlying socket already being setup and ready to accept a 'write'. Does anyone know of a solution/workaround, or a plan to add support for client TFO to OpenSSL?

Well, I am not shy to say that the Linux Kernel API for this is
poorly designed.  However, we can perhaps work around this.

This could be done via an enhancement of BIO_s_socket()
to support completing the connection on the first write.
Then you just configure the modified BIO as the network
BIO of the SSL handle.

The construction of the BIO could be made transparent to
users of SSL_set_fd() via a suitable new control operation
that's passed through to the underlying BIO.

	SSL_set_fd(ssl, sock);
	SSL_set_tfo_addr(ssl, struct sockaddr *sa, int salen);

(Or some variant of these types for Windows, ...)

But of course the feature itself would not initially be
available on all platforms.


More information about the openssl-users mailing list