On 12/19/13 04:50, Alex wrote:
> I remember reading (I believe it was in your (excellent) book! ;)) that upon packet loss, the full TLS record has to be retransmitted. Not cool if the TLS record is large and fragmented. So that's indeed a good reason to keep TLS records small and preferably within the size of a TCP segment.
Why is a TCP retransmit of the single lost packet not enough (in the kernel TCP stack, which is unaware of TLS records)? The kernel on the receiver side should wait for this lost packet to be retransmitted, and return data to the application in the same order as it was sent.
A big TLS record can add some delay for the first byte (but not the last byte) of the decrypted page, but the browser can't render the first byte of a page anyway; it needs at least some data.
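An added illustration, not part of the original thread: a small model of the exchange above, in which one TCP segment is lost and only that segment is retransmitted, showing when each TLS record becomes decryptable for large and small records. The segment size, per-record overhead, tick timing and function names are assumptions made for the example.

```python
# Constructed model, not a measurement. All constants are assumptions.
MSS = 1460       # assumed TCP payload bytes per segment
OVERHEAD = 29    # assumed per-record bytes: 5-byte header plus MAC/padding
                 # (the real value varies by cipher suite)

def record_ready_times(total_plain, record_payload, lost_seg, rtx_delay):
    """Return [(plaintext_bytes, tick_when_decryptable)] for each TLS record.

    Segment i arrives at tick i, except lost_seg, whose retransmission
    arrives at tick lost_seg + rtx_delay. Only that one segment is resent.
    """
    sizes, ends, offset, left = [], [], 0, total_plain
    while left > 0:                      # lay the records out on the wire
        n = min(record_payload, left)
        offset += n + OVERHEAD
        sizes.append(n)
        ends.append(offset)              # wire offset just past this record
        left -= n
    nseg = -(-offset // MSS)             # ceiling division
    arrival = [i + (rtx_delay if i == lost_seg else 0) for i in range(nseg)]

    # TCP in-order delivery: segment i reaches the application only after
    # every earlier segment has arrived.
    delivered, latest = [], 0
    for t in arrival:
        latest = max(latest, t)
        delivered.append(latest)

    # A record can be verified and decrypted only once its last byte is in.
    return [(n, delivered[(end - 1) // MSS]) for n, end in zip(sizes, ends)]

def usable_before(times, tick):
    """Plaintext bytes the application can use strictly before `tick`."""
    return sum(n for n, t in times if t < tick)

if __name__ == "__main__":
    for payload in (16384, 1400):        # large record vs. one that fits a segment
        times = record_ready_times(64000, payload, lost_seg=2, rtx_delay=20)
        print(f"record payload {payload:5d}: first plaintext at tick "
              f"{times[0][1]}, last at tick {times[-1][1]}, usable while "
              f"waiting for the retransmit: {usable_before(times, 22)} bytes")
```

In this model the loss stalls everything behind the missing segment in both cases; the record size changes only how much already-received data can be decrypted in the meantime, and the small-record run finishes one tick later because of the extra per-record overhead.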