On Wed, Jan 20, 2016 at 06:01:00PM +0000, Nounou Dadoun wrote:

> But if the TFO data payload is in the first SYN how can it be encrypted
> (etc) even before the TCP handshake is complete (let alone the SSL
> handshake) unless the calls are unbundled and serialized somehow.

The TCP first-flight data will be the TLS ClientHello message. This
saves one round-trip on repeat visits:

    C: SYN + TFO-COOKIE + TLS ClientHello
    S: SYN-ACK
    S: ACK + TLS Server Hello ...
    ...

--
    Viktor.
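An added example, not part of the message above and not OpenSSL project code: it uses Python's `ssl` module with memory BIOs to show that the client's first flight exists before any socket I/O and is a cleartext handshake record, which is why it can ride in the SYN. The function names and the host name `example.test` are assumptions made for illustration; `send_with_tfo` relies on the Linux `MSG_FASTOPEN` flag.

```python
import socket
import ssl


def client_first_flight(server_name):
    """Run the TLS client state machine with no socket attached and
    return (tls_object, incoming_bio, first_flight_bytes)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has written its flight and now waits
    return tls, incoming, outgoing.read()


def describe_first_flight(data):
    """Decode the 5-byte TLS record header and the handshake type byte."""
    return {
        "is_handshake_record": data[0] == 22,   # record content type 22
        "is_client_hello": data[5] == 1,        # handshake message type 1
        "record_len": int.from_bytes(data[3:5], "big"),
        "total_len": len(data),
    }


def send_with_tfo(addr, first_flight):
    """Hand the first flight to the kernel together with the connect.
    With a cached TFO cookie the data goes out in the SYN; without one
    the kernel does a normal handshake and sends the data afterwards."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sent = sock.sendto(first_flight, socket.MSG_FASTOPEN, addr)
        sock.sendall(first_flight[sent:])
    except OSError:
        # TFO disabled on this host: fall back to connect-then-send.
        sock.connect(addr)
        sock.sendall(first_flight)
    return sock


if __name__ == "__main__":
    _tls, _incoming, flight = client_first_flight("example.test")
    print(describe_first_flight(flight))
    # The SNI host name is readable in the bytes: nothing here is encrypted.
    print(b"example.test" in flight)
```

Only the part of the ClientHello that fits in one segment travels in the SYN; any remainder follows once the handshake completes.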