On Friday, 7 June 2019 19:20:07 CEST Joshua Hutchins wrote:
> Hi, I'm pretty new to openssl (sort of new to being a developer to be
> honest).
> I am using libcurl to send pretty small HTTP requests every 5 or so
> minutes, using TLS. I'm trying to use some of the new features in TLS 1.3
> to reduce the *size* of the handshake, as this is going to be going over
> mobile data and doing a full TLS handshake every 5 minutes accounts for
> about 60% of my total data usage.
>
> Any advice for this? I've already built nghttp2, openssl, and libcurl from
> scratch so I have all the new features.

performing session resumption should stop the server from sending the
certificate to the client – make sure that you preserve the session data and
use it for future connections

mismatch between the key shares sent by the client and what the server will
use will cause the connection to fall back to HelloRetryRequest mode, sending
just one key share will also reduce the size of the handshake – ensure the
enabled groups match the list and order of the list in server

ensuring the connection uses ECDSA will also reduce the size of initial
handshake and will cause the handshake to be smaller when the resumption is
rejected by server – that will require reconfiguring the server

disabling sending of padding extension should also reduce the size of
ClientHello message (at a potential cost of interoperability issues)

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
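
Added example (not part of the original message, and not libcurl or OpenSSL project code): one way to check how many key shares and how much padding a client puts in its ClientHello, using Python's ssl module, which wraps OpenSSL. The ClientHello is produced locally through a memory BIO, so nothing is sent on the network; the host name "example.test" and the function names are assumptions made for the illustration.

```python
import ssl
import struct

EXT_NAMES = {0: "server_name", 10: "supported_groups", 21: "padding",
             43: "supported_versions", 51: "key_share"}
GROUP_NAMES = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1",
               29: "x25519", 30: "x448"}

def capture_client_hello(ctx, host="example.test"):
    """Return the client's first flight (the ClientHello record), offline."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no server is attached, only the first flight is wanted
    return outgoing.read()

def breakdown(record):
    """Parse a ClientHello record: total size, per-extension sizes, key shares."""
    ctype, _, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or body[0] != 1:
        raise ValueError("not a ClientHello handshake record")
    pos = 4 + 2 + 32                                      # header, version, random
    pos += 1 + body[pos]                                  # legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
    pos += 1 + body[pos]                                  # compression_methods
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    exts, shares = {}, []
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        exts[EXT_NAMES.get(etype, etype)] = 4 + elen      # size including header
        if etype == 51:                                   # key_share entries
            p = 2                                         # skip list length
            while p < len(data):
                group, klen = struct.unpack("!HH", data[p:p + 4])
                shares.append((GROUP_NAMES.get(group, hex(group)), klen))
                p += 4 + klen
        pos += 4 + elen
    return {"total": 5 + rec_len, "extensions": exts, "key_shares": shares}

if __name__ == "__main__":
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    print(breakdown(capture_client_hello(ctx)))
```

More than one entry under "key_shares", or a "padding" entry under "extensions", marks bytes that the advice above would remove.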