Hi folks,

We investigated the potential benefit of resuming TLS sessions across different SNI values [1]. We found that enabling TLS resumption across different SNI values allows converting 58.7% of the required full TLS handshakes to resumed connection establishments when retrieving an average Alexa Top 1K website. These conversions to performance-optimized resumption handshakes yield a reduction of 44% of the CPU time (energy resources) consumed for the TLS connection establishments. Furthermore, our results suggest that resuming TLS sessions across different SNI values accelerates the connection establishment with an average website by up to 30.6%.

I think it's time to reassess the recommendation of TLS 1.3 to avoid resumption handshakes when connecting to a different SNI value. To realize this performance improvement, I suggest a dedicated TLS extension. Here, you can find an Internet-Draft describing such a simple TLS extension [2]. I will be at IETF 104 in Prague to present and discuss this topic.

I ask you for feedback on this topic and welcome your contributions to this Internet-Draft [3].

Thanks in advance for your feedback.

Best,
Erik Sy

[1] https://arxiv.org/pdf/1902.02531.pdf
[2] https://www.ietf.org/id/draft-sy-tls-resumption-group-00.txt
[3] https://github.com/kirsey/draft-sy-tls-resumption-group