[openssl-users] Using TCP Fast Open with OpenSSL
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Jan 20 18:11:04 UTC 2016
On Wed, Jan 20, 2016 at 06:01:00PM +0000, Nounou Dadoun wrote:
> But if the TFO data payload is in the first SYN how can it be encrypted
> (etc) even before the TCP handshake is complete (let alone the SSL
> handshake) unless the calls are unbundled and serialized somehow.

The TCP first-flight data will be the TLS ClientHello message. This
saves one round-trip on repeat visits:

    C: SYN + TFO-COOKIE + TLS ClientHello
    S: SYN-ACK
    S: ACK + TLS Server Hello ...
    ...

--
Viktor.
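
How the calls unbundle on a Linux client, as an added example that is not part of the original post or of OpenSSL: the TLS library writes its ClientHello into a memory buffer, and `sendto()` with `MSG_FASTOPEN` hands those bytes to the kernel together with the connect request. It uses Python's `ssl` module, which wraps OpenSSL; the host name `example.test`, the loopback listener and the function names are constructed for the illustration.

```python
import contextlib
import socket
import ssl
import threading

MSG_FASTOPEN = getattr(socket, "MSG_FASTOPEN", 0x20000000)  # Linux flag value

def client_hello(server_name):
    """Let the TLS library write its first flight into memory, with no socket."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello is written, TLS now waits for ServerHello
    return outgoing.read()

def send_first_flight(addr, data):
    """Pass data with the connect request; without a cached cookie the kernel
    sends a plain SYN asking for one and the data follows the handshake."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # Implicit connect: data rides in the SYN when a cookie is cached.
        sent = sock.sendto(data, MSG_FASTOPEN, addr)
        sock.sendall(data[sent:])
        return sock, True
    except OSError:  # TFO disabled or unsupported: ordinary connect, then send
        sock.close()
        sock = socket.create_connection(addr)
        sock.sendall(data)
        return sock, False

def loopback_demo():
    """Constructed listener on 127.0.0.1 that records the first 6 bytes it gets."""
    srv = socket.create_server(("127.0.0.1", 0))
    with contextlib.suppress(OSError, AttributeError):
        srv.setsockopt(socket.IPPROTO_TCP, socket.TCP_FASTOPEN, 5)  # SYN data queue
    seen = []
    def accept_one():
        conn, _ = srv.accept()
        with conn:
            seen.append(conn.recv(6, socket.MSG_WAITALL))
    worker = threading.Thread(target=accept_one, daemon=True)
    worker.start()
    sock, used_tfo = send_first_flight(srv.getsockname(), client_hello("example.test"))
    worker.join(5)
    sock.close()
    srv.close()
    return seen[0], used_tfo
```

The first connection to a server normally goes out as a plain SYN that requests the cookie; only later connections carry the ClientHello in the SYN itself, which a packet capture on the interface will show.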