Re: [openssl-users] Using TCP Fast Open with OpenSSL

2016-01-20 Thread Nounou Dadoun
The TCP first-flight data will be the TLS ClientHello message. This saves one round-trip on repeat visits:

C: SYN + TFO-COOKIE + TLS ClientHello
S: SYN-ACK
S: ACK + TLS Server Hello ... ...

-- Viktor.

That makes sense, thanks ... N

Nou Dadoun Senior Firmware

Re: [openssl-users] Using TCP Fast Open with OpenSSL

2016-01-20 Thread Sara Dickinson
> On 20 Jan 2016, at 16:55, Viktor Dukhovni wrote:
>> On Jan 20, 2016, at 9:27 AM, Sara Dickinson wrote:
>>
>> I have TFO + TLS (using OpenSSL) working on OS X. However, because of the
>> specifics of the TFO implementation on Linux, I can’t see how to get that
>> working with OpenSSL. On Li

Re: [openssl-users] Using TCP Fast Open with OpenSSL

2016-01-20 Thread Viktor Dukhovni
On Wed, Jan 20, 2016 at 06:01:00PM +, Nounou Dadoun wrote:
> But if the TFO data payload is in the first SYN how can it be encrypted
> (etc) even before the TCP handshake is complete (let alone the SSL
> handshake) unless the calls are unbundled and serialized somehow.

The TCP first-flight da

Re: [openssl-users] Using TCP Fast Open with OpenSSL

2016-01-20 Thread Nounou Dadoun
-Original Message- From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of Viktor Dukhovni Sent: Wednesday, January 20, 2016 8:55 AM To: openssl-users@openssl.org Subject: Re: [openssl-users] Using TCP Fast Open with OpenSSL > On Jan 20, 2016, at 9:27 AM, S

Re: [openssl-users] Using TCP Fast Open with OpenSSL

2016-01-20 Thread Viktor Dukhovni
> On Jan 20, 2016, at 9:27 AM, Sara Dickinson wrote:
>
> I have TFO + TLS (using OpenSSL) working on OS X. However, because of the
> specifics of the TFO implementation on Linux, I can’t see how to get that
> working with OpenSSL. On Linux using TFO requires that
> - the connect() call is skip

Re: [openssl-users] Using TCP Fast Open with OpenSSL

2016-01-20 Thread Sara Dickinson
Hi, I have recently been adding support for TLS using OpenSSL to a client application. When using TCP the application uses TCP Fast Open (TFO) as described in this RFC: https://tools.ietf.org/html/rfc7413 . TFO is currently available for clients on both Li