[openssl-users] Using TCP Fast Open with OpenSSL

Viktor Dukhovni openssl-users at dukhovni.org
Wed Jan 20 18:11:04 UTC 2016


On Wed, Jan 20, 2016 at 06:01:00PM +0000, Nounou Dadoun wrote:

> But if the TFO data payload is in the first SYN how can it be encrypted
> (etc) even before the TCP handshake is complete (let alone the SSL
> handshake) unless the calls are unbundled and serialized somehow.

The TCP first-flight data will be the TLS ClientHello message.  This
saves one round-trip on repeat visits:

    C: SYN + TFO-COOKIE + TLS ClientHello
    S: SYN-ACK
    S: ACK + TLS Server Hello ...
    ...

-- 
	Viktor.
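Added example, not part of the original message and not OpenSSL project code: a Python sketch (the `ssl` module wraps OpenSSL) showing that the ClientHello is a plaintext handshake record produced before any socket exists, which is why it can travel as TFO data in the SYN. The function names are hypothetical, `handshake_over_tfo` assumes Linux with client-side TFO enabled, and certificate verification uses the default context.

```python
import socket
import ssl

def client_hello(server_name):
    """Run the TLS engine on memory BIOs and return its first flight."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()            # no socket yet: only fills `outgoing`
    except ssl.SSLWantReadError:
        pass                          # expected: engine now waits for ServerHello
    return tls, incoming, outgoing, outgoing.read()

def describe_first_flight(data):
    """Decode the 5-byte TLS record header and the handshake message type."""
    return {"record_type": data[0],                      # 22 = handshake
            "record_len": int.from_bytes(data[3:5], "big"),
            "handshake_type": data[5]}                   # 1 = ClientHello

def handshake_over_tfo(host, port=443):
    """Linux only: send the ClientHello as SYN data, then finish the handshake."""
    tls, incoming, outgoing, hello = client_hello(host)
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # sendto() with MSG_FASTOPEN takes the place of connect(). Without a
    # cached TFO cookie the kernel does a normal handshake and sends the
    # data afterwards, so the first visit gains nothing.
    sock.sendto(hello, socket.MSG_FASTOPEN, (host, port))
    while True:
        try:
            tls.do_handshake()
            break
        except ssl.SSLWantReadError:
            pending = outgoing.read()
            if pending:
                sock.sendall(pending)
            chunk = sock.recv(16384)
            if not chunk:
                raise ConnectionError("peer closed during handshake")
            incoming.write(chunk)
    sock.sendall(outgoing.read())     # flush the client's final flight
    return tls.version(), sock

if __name__ == "__main__":
    # "example.test" is a constructed name; nothing is sent on the network here.
    print(describe_first_flight(client_hello("example.test")[3]))
```

Only `handshake_over_tfo` touches the network; the other two functions run offline.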

